Logging into SSO directly through client application without going through keycloak login page and clicking abutton


I am building a keycloak application with a reactJS client that authenticates a user through email-password/google/saml 2.0 (Configured by the end user). I would like to have a way to redirect the user directly to the respective IDP when he provides his email, if the email has not been linked to any IDP, he should go to the keycloak login page. Is there any way to do this using any of the Keycloak APIs or Keycloak JS?

Thanks in advance.

This is a good candidate for writing a custom Authenticator. You could use the Username Form and then build a custom authenticator to look up the user, and either redirect to the normal Password Form or do an IdP redirect if the user is known.

Once that is done, how do I redirect them directly to the SAML login page and then get the credential data from the saml login page and back to my application?

There is an example of how to do a redirect to an IdP in the custom Authenticator here: keycloak-extension-playground/DynamicIdpRedirectAuthenticator.java at master · thomasdarimont/keycloak-extension-playground · GitHub

I’m not from a Java background, I was wondering how we could use this in our application. So is this an extension that we could use in our application, if so, how could we use this?
If not, how could we create this same thing in some other language, for example Node?

This is an example of an extension that almost does what you want. Keycloak Authenticator extensions must be written in Java (or a stripped down JS that runs in Nashorn). If you don’t have Java/Keycloak expertise in-house, this is the kind of thing that a consultant could do pretty easily. There are several people like that running around this board and the mailing list.

Can we make extensions that are a separate module from the actual keycloak code that we deploy so that each time we deploy a new update it does not affect the extension?

Yes. You want to build this as a separate extension rather than forking the Keycloak code. Check the server development documentation Server Developer Guide

Thank you for the help!