Keycloak integrated with Azure Active Directory: redirect to the login page of Azure Active Directory

Hi,

I have successfully integrated Keycloak and Azure Active Directory (now Microsoft Entra ID) following the guideline from https://www.youtube.com/watch?v=LYF-NLHD2uQ.

One point is that we would like to automatically redirect to the login page of Azure Active Directory (instead of the Keycloak login page).

Any suggestion or guideline to resolve this point would be very much appreciated!

Thanks!

This can be achieved using the kc_idp_hint parameter inside the configured URL within your client application, for example:

https://keycloak/auth?client_id=<YOUR_CLIENT_ID>&redirect_uri=<THE_REDIRECT_URI>&response_type=code&scope=openid&kc_idp_hint=<the_name_that_you_give_to_the_idp>

This will automatically redirect the user to the external provider.

1 Like
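The request described in the answer above, as an added example that is not part of the original post: it builds the authorization URL with kc_idp_hint and adds state, nonce and PKCE, which the URL in the post leaves out. The host, realm, client ID, redirect URI and IdP alias are constructed placeholders, and the endpoint path assumes the standard Keycloak realm layout (older versions prefix it with /auth).

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholder values (assumptions, not taken from the thread).
KEYCLOAK_BASE = "https://keycloak.example.com"
REALM = "myrealm"
CLIENT_ID = "my-client"
REDIRECT_URI = "https://app.example.com/callback"
IDP_ALIAS = "entra-id"  # the alias given to the identity provider in Keycloak


def build_login_request(idp_alias=IDP_ALIAS):
    """Return (url, session) for an authorization-code request that asks
    Keycloak to go straight to the external IdP via kc_idp_hint."""
    state = secrets.token_urlsafe(32)     # CSRF protection for the callback
    nonce = secrets.token_urlsafe(32)     # ties the ID token to this request
    verifier = secrets.token_urlsafe(64)  # PKCE code_verifier (RFC 7636)
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "scope": "openid",
        "state": state,
        "nonce": nonce,
        "code_challenge": challenge,
        "code_challenge_method": "S256",
        # Only a hint: it sits in the browser-visible URL, so it selects the
        # login path but is not an access control.
        "kc_idp_hint": idp_alias,
    }
    endpoint = f"{KEYCLOAK_BASE}/realms/{REALM}/protocol/openid-connect/auth"
    # urlencode percent-encodes every value, so neither the redirect URI nor
    # the alias can break out of its own parameter.
    url = f"{endpoint}?{urlencode(params)}"
    # Keep these server-side (for example in the session) until the callback.
    return url, {"state": state, "nonce": nonce, "code_verifier": verifier}


def callback_state_ok(callback_url, session):
    """Accept a callback only if its state matches the one issued above."""
    returned = parse_qs(urlsplit(callback_url).query).get("state", [""])[0]
    return secrets.compare_digest(returned.encode(), session["state"].encode())
```
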

Do you want to always redirect every user to EntraID?
Then go to your authentication flow, find the “Identity Provider Redirector” and configure it (gear symbol) to always use your IdP alias as the default.

3 Likes

Thank you @appsec_hero and @dasniko. I will give the suggestions a try!

You're welcome.

The difference between the two solutions is that the first one will achieve the desired behavior for only one specific client (the one specified in the redirect URL to Keycloak), whereas the one proposed by @dasniko will redirect all client applications to the external provider.

2 Likes

Yes, I got it. Thanks for the explanation.

For our current case, we only have 1 customer in 1 realm, so the solution from @dasniko is suitable for us.

2 Likes

Following this guideline, it works for me.

Thanks!