IDP-initiated SAML SSO using Keycloak as IDP

Hello! I’m building a flow for our app which involves the following requirements:

  1. allow our users to SSO into an app built by our partner, which is secured by Auth0 SP
  2. users are already authenticated in our app (which is secured by Keycloak as IDP) and have a valid access_token provided by logging in through the Keycloak login page.
  3. users click a tile in our app to SSO into the partner app.
  • We want them to be SSO’d into the partner app without logging in again – that is, we want to leverage their existing access token, rather than provision a new one through subsequent authentication.

Basically this is an IDP-initiated SAML SSO flow, with Keycloak as the IDP. I’ve read the docs on IDP-initiated login and believe this flow is possible. But I’m confused about how to set up our Keycloak configuration to support this.

Users will already be authenticated with Keycloak because we’ve secured our frontend app using a public OIDC flow, so users will have a valid JWT by the time they click on the link that triggers the IDP-initiated SSO.

I’m wondering if anyone has advice on configuring my Keycloak instance to support this use case, or can point me towards examples / guides that implement something similar. I’ve found many examples / guides that solve similar problems, but none that implement this sort of IDP-initiated flow with Keycloak as IDP.

Thanks so much for your help!

bumping post for visibility…
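Added example (not part of the original post, and not Keycloak's or Auth0's own code): a Python sketch of what the Keycloak side of the flow described above looks like, so the pieces can be checked before touching the admin console. It builds a SAML client representation for the partner SP with the "IDP Initiated SSO URL Name" set, derives the URL the tile in the app should send the browser to, and runs a small review over the client config for the settings a security reviewer would look at (signed assertions and responses, SHA-256, an exact ACS URL rather than a wildcard). The realm name, hostnames, entity ID, ACS URL and URL name are constructed placeholders; the attribute keys follow the format of a Keycloak SAML client export as I recall it and should be checked against your Keycloak version.

```python
"""Keycloak side of an IdP-initiated SAML flow, as an added example.

Realm, client, hostnames and URL name below are constructed placeholders
(assumptions). Attribute keys follow the format of Keycloak's SAML client
export as the author of this example recalls them; verify them against
your Keycloak version before importing anything.
"""
from __future__ import annotations

from urllib.parse import quote

# Constructed placeholder values: replace with the partner's real SP metadata.
KEYCLOAK_BASE = "https://keycloak.example.com"              # placeholder
REALM = "our-app"                                           # placeholder
SP_ENTITY_ID = "urn:auth0:partner-tenant:our-connection"    # placeholder, from the Auth0 SP metadata
ACS_URL = "https://partner-tenant.auth0.com/login/callback?connection=our-connection"  # placeholder
IDP_SSO_URL_NAME = "partner-app"   # becomes the last path segment of the IdP-initiated URL


def saml_client_representation() -> dict:
    """Keycloak SAML client for the partner SP with IdP-initiated SSO enabled.

    Security-relevant choices: Keycloak signs both assertions and responses
    with RSA-SHA256, the ACS URL is pinned to the SP's real endpoint (no
    wildcard redirect URIs), and a persistent NameID format is forced so the
    SP cannot request a different one.
    """
    return {
        "clientId": SP_ENTITY_ID,          # must equal the SP's SAML entity ID
        "protocol": "saml",
        "enabled": True,
        "redirectUris": [ACS_URL],         # exact ACS URL only
        "attributes": {
            "saml_idp_initiated_sso_url_name": IDP_SSO_URL_NAME,
            "saml_assertion_consumer_url_post": ACS_URL,
            "saml.assertion.signature": "true",
            "saml.server.signature": "true",
            "saml.signature.algorithm": "RSA_SHA256",
            "saml.force.post.binding": "true",
            "saml.authnstatement": "true",
            "saml_name_id_format": "persistent",
            "saml_force_name_id_format": "true",
        },
    }


def idp_initiated_sso_url(base: str, realm: str, url_name: str) -> str:
    """URL the tile in the app should navigate the browser to.

    Keycloak serves IdP-initiated SSO at
    /realms/<realm>/protocol/saml/clients/<url-name>. The browser's existing
    Keycloak SSO session cookie satisfies the login step, so the user is not
    prompted again; the OIDC access token held by the frontend plays no part.
    """
    return f"{base.rstrip('/')}/realms/{quote(realm)}/protocol/saml/clients/{quote(url_name)}"


def review_saml_client(rep: dict) -> list[str]:
    """Return the findings a reviewer would raise about a SAML client config."""
    findings: list[str] = []
    attrs = rep.get("attributes", {})
    if attrs.get("saml.assertion.signature") != "true":
        findings.append("assertions are not signed")
    if attrs.get("saml.server.signature") != "true":
        findings.append("SAML responses are not signed")
    if attrs.get("saml.signature.algorithm", "").endswith("SHA1"):
        findings.append("SHA-1 signature algorithm")
    if not attrs.get("saml_idp_initiated_sso_url_name"):
        findings.append("IdP-initiated SSO URL name not set; only SP-initiated login will work")
    if not rep.get("redirectUris"):
        findings.append("no redirect URI / ACS URL configured")
    for uri in rep.get("redirectUris", []):
        if "*" in uri:
            findings.append(f"wildcard redirect URI {uri!r} allows assertions to reach unintended endpoints")
    return findings


if __name__ == "__main__":
    rep = saml_client_representation()
    print(idp_initiated_sso_url(KEYCLOAK_BASE, REALM, IDP_SSO_URL_NAME))
    print("findings:", review_saml_client(rep) or "none")
```

The point worth keeping in mind from this sketch: the "no second login" requirement is met by the Keycloak browser session that the OIDC login already created, not by the access token the frontend holds, so the tile only needs to send the browser to the IdP-initiated URL for the client; the SP-side entity ID and ACS URL have to match what the partner's Auth0 connection publishes.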