Hello.
Keycloak (v26) does not send login_hint to Azure AD, despite the fact that “Pass login_hint” is enabled.
Maybe the problem is in my Authentication Flow, I don’t know.
I use custom read-only User Storage. In this storage, the authorization method is specified for each user: password or Azure AD.
I set up Authentication Flow like this:
- The Username Form is displayed first (a form without a password).
- The User Storage writes the user’s authorization method into a user attribute.
- Depending on the value of this attribute, there are two conditional flows (Condition - User Attribute): Password Form (works like a charm) or Identity Provider Redirector (to Azure AD).
When the Identity Provider Redirector executes, the user is known (I suppose), but login_hint is not sent.
SOLVED!
I added authSession.setClientNote(OIDCLoginProtocol.LOGIN_HINT_PARAM, username)
in my custom User Storage.
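The same fix written as a small custom Authenticator, as an added example that is not the poster's own code and not part of Keycloak. The reason the poster's approach works is that Keycloak's OIDC identity provider only appends login_hint to the authorization URL when "Pass login_hint" is enabled AND the authentication session carries a client note named login_hint (the value of OIDCLoginProtocol.LOGIN_HINT_PARAM); the Username Form sets the user but never sets that note. Instead of touching the User Storage provider, this authenticator is placed in the Azure AD conditional subflow, directly before the Identity Provider Redirector, and copies the already-identified user's email (or username) into the note. The package name, provider ID and the choice of email over username are assumptions made for the example; whether Azure AD accepts the value depends on what it expects as a UPN.

```java
package com.example.keycloak; // hypothetical package name

import org.keycloak.Config;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.Authenticator;
import org.keycloak.authentication.AuthenticatorFactory;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.provider.ProviderConfigProperty;

import java.util.Collections;
import java.util.List;

/**
 * Authenticator that stores the current user's identifier as the "login_hint"
 * client note, so that a following Identity Provider Redirector (with
 * "Pass login_hint" enabled on the IdP) forwards it to Azure AD.
 * The factory is implemented on the same class to keep the example compact.
 */
public class LoginHintAuthenticator implements Authenticator, AuthenticatorFactory {

    public static final String PROVIDER_ID = "login-hint-from-user"; // assumed provider id

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        // The Username Form earlier in the flow has already resolved the user.
        UserModel user = context.getUser();
        if (user != null) {
            // Assumption: Azure AD wants the UPN, which is usually the email here.
            String hint = user.getEmail() != null ? user.getEmail() : user.getUsername();
            // This note is what OIDCIdentityProvider reads when building the authorization URL.
            context.getAuthenticationSession().setClientNote(OIDCLoginProtocol.LOGIN_HINT_PARAM, hint);
        }
        // Never blocks the flow: a missing hint just means Azure AD will ask for the account.
        context.success();
    }

    @Override public void action(AuthenticationFlowContext context) { context.success(); }
    @Override public boolean requiresUser() { return true; } // must run after the Username Form
    @Override public boolean configuredFor(KeycloakSession session, RealmModel realm, UserModel user) { return true; }
    @Override public void setRequiredActions(KeycloakSession session, RealmModel realm, UserModel user) { }
    @Override public void close() { }

    // --- AuthenticatorFactory ---
    @Override public String getId() { return PROVIDER_ID; }
    @Override public String getDisplayType() { return "Set login_hint from current user"; }
    @Override public String getReferenceCategory() { return null; }
    @Override public boolean isConfigurable() { return false; }
    @Override public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
        return new AuthenticationExecutionModel.Requirement[] { AuthenticationExecutionModel.Requirement.REQUIRED };
    }
    @Override public boolean isUserSetupAllowed() { return false; }
    @Override public String getHelpText() { return "Copies the authenticated user's email/username into the login_hint client note."; }
    @Override public List<ProviderConfigProperty> getConfigProperties() { return Collections.emptyList(); }
    @Override public Authenticator create(KeycloakSession session) { return this; }
    @Override public void init(Config.Scope config) { }
    @Override public void postInit(KeycloakSessionFactory factory) { }
}
```

Register the factory in META-INF/services/org.keycloak.authentication.AuthenticatorFactory, deploy the jar to the providers directory, then add the "Set login_hint from current user" execution as REQUIRED in the Azure AD conditional subflow ahead of the Identity Provider Redirector. To confirm it works, capture the redirect to login.microsoftonline.com in the browser and check that the authorization URL now carries a login_hint query parameter. Note that login_hint only pre-fills the account picker; it does not authenticate anyone, and the user still proves possession of the Azure AD account before Keycloak links or logs in the identity.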