Forward Email Address to External IDP

I’m using Keycloak as an identity broker, my app is the service provider. When a user enters their email address, they’re ultimately redirected to the external IDP to authenticate via SAML. Is there a way to forward the email address to the external IDP so that the user doesn’t have to type it in twice?

Default Identity Provider
It is possible to automatically redirect to a identity provider instead of displaying the login form. To enable this go to the Authentication page in the administration console and select the Browser flow. Then click on config for the Identity Provider Redirector authenticator. Set Default Identity Provider to the alias of the identity provider you want to automatically redirect users to.

Thank you, though this isn’t quite what I meant, I’m already doing this. Let me clarify. When I’m on the Service Provider app the first thing I do is enter my email. I use this email to figure out what realm the user is associated with, and then send the user to the default IDP configured for that realm. At that point, they have to log in to the IDP, and it would be nice if the email they used in the SP could be forwarded to the IDP so they don’t have to type the email twice. Am wondering if there’s a way or a setting that can make this happen.


Can your App (the SP) prompt for the user’s email and then store it (the realm or IdP) in a cookie?

Then in subsequent invocations the SP won’t need to prompt for the user’s email.

I could do that, but in this case the preference is for the user to type their email in the App / SP and then not have to type it again when they get redirected to their IDP. The email field in the IDP would just get filled in somehow.