Logging into SSO directly through client application without going through Keycloak login page and clicking a button

Hi,

I am building a Keycloak application with a ReactJS client that authenticates a user through email-password/Google/SAML 2.0 (configured by the end user). I would like to have a way to redirect the user directly to the respective IdP when he provides his email; if the email has not been linked to any IdP, he should go to the Keycloak login page. Is there any way to do this using any of the Keycloak APIs or Keycloak JS?

Thanks in advance.

This is a good candidate for writing a custom Authenticator. You could use the Username Form and then build a custom authenticator to look up the user, and either redirect to the normal Password Form or do an IdP redirect if the user is known.

Once that is done, how do I redirect them directly to the SAML login page and then get the credential data from the SAML login page and back to my application?

There is an example of how to do a redirect to an IdP in the custom Authenticator here: keycloak-extension-playground/DynamicIdpRedirectAuthenticator.java at master · thomasdarimont/keycloak-extension-playground · GitHub
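A sketch of the authenticator described in the replies above, as an added example that is not part of the thread and is not the linked repository's code. The package and class names are hypothetical, and it assumes a Jakarta-based Keycloak release in which `Urls.identityProviderAuthnRequest` has the six-argument form used here (the signature differs in other releases).

```java
// Added example; package and class names are hypothetical.
package example.auth;

import jakarta.ws.rs.core.Response;
import java.net.URI;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.Authenticator;
import org.keycloak.models.FederatedIdentityModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.Urls;
import org.keycloak.services.managers.ClientSessionCode;
import org.keycloak.sessions.AuthenticationSessionModel;

public class LinkedIdpRedirectAuthenticator implements Authenticator {

    @Override
    public void authenticate(AuthenticationFlowContext context) {
        UserModel user = context.getUser(); // set by the preceding Username Form
        if (user == null) {
            context.attempted(); // nothing to decide; let the flow continue
            return;
        }
        RealmModel realm = context.getRealm();
        // Alias of the first IdP this account is linked to, if any.
        String alias = context.getSession().users()
                .getFederatedIdentitiesStream(realm, user)
                .map(FederatedIdentityModel::getIdentityProvider)
                .findFirst().orElse(null);
        if (alias == null) {
            context.attempted(); // no link: fall through to the Password Form
            return;
        }
        AuthenticationSessionModel authSession = context.getAuthenticationSession();
        String code = new ClientSessionCode<>(context.getSession(), realm, authSession)
                .getOrGenerateCode();
        // Assumption: six-argument form of this helper; check your Keycloak version.
        URI location = Urls.identityProviderAuthnRequest(context.getUriInfo().getBaseUri(),
                alias, realm.getName(), code,
                authSession.getClient().getClientId(), authSession.getTabId());
        context.forceChallenge(Response.seeOther(location).build());
    }

    @Override public void action(AuthenticationFlowContext context) { }
    @Override public boolean requiresUser() { return false; }
    @Override public boolean configuredFor(KeycloakSession s, RealmModel r, UserModel u) { return true; }
    @Override public void setRequiredActions(KeycloakSession s, RealmModel r, UserModel u) { }
    @Override public void close() { }
}
```

To be usable it also needs an `AuthenticatorFactory` registered in `META-INF/services/org.keycloak.authentication.AuthenticatorFactory`, and it belongs after the Username Form as an alternative next to the Password Form. Because the redirect depends on the address entered, the flow shows anyone who types an email whether that account is linked to an IdP.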

I’m not from a Java background, so I was wondering how we could use this in our application. Is this an extension that we could use in our application? If so, how could we use it?
If not, how could we create this same thing in some other language, for example Node?

This is an example of an extension that almost does what you want. Keycloak Authenticator extensions must be written in Java (or a stripped down JS that runs in Nashorn). If you don’t have Java/Keycloak expertise in-house, this is the kind of thing that a consultant could do pretty easily. There are several people like that running around this board and the mailing list.

Can we make extensions that are a separate module from the actual Keycloak code that we deploy, so that each time we deploy a new update it does not affect the extension?

Yes. You want to build this as a separate extension rather than forking the Keycloak code. Check the server development documentation: Server Developer Guide

Thank you for the help!