Resurrecting an old question from 2020

dwickstrom · April 18, 2024, 10:57am

We’re trying to use Keycloak as a broker for an ultra common IDP in Sweden, it’s called BankID, and the common implementation involves adding a query parameter to the url that tells the IDP whether to expose a web page with a QR code (which then can be scanned by their mobile application etc), or whether this mobile application resides on the same device. In the latter case you’d get a token and then their application would be opened in the same device.

This look very much like what I’m looking for but it has no effect. This parameter is not forwarded onto the Authorization URL for this idp.

Here’s the old question I was referring to in the topic:

Super thankful for any kind of input!

//David

dwickstrom · April 18, 2024, 1:47pm

Okay now, found the solution together with my colleague. So, we learnt that the query params are forwarded from the /auth endpoint, and not from the idp buttons in the keycloak login template.

Nice.

Topic		Replies	Views
Direct Link IDP Getting advice	2	562	April 19, 2022
Identity brokering, upstream idp selection without exposing idps Securing applications identity-brokering	5	1515	June 10, 2021
Identity brokering from cli (postman or curl) Configuring the server authentication , identity-brokering	5	1469	October 8, 2021
OAuth2 IDP instead of OIDC Configuring the server authentication , identity-brokering , oidc	1	1161	October 3, 2020
No way for external IdP (Google) and Postman? Configuring the server identity-brokering , oidc	3	954	February 11, 2024

Resurrecting an old question from 2020

Related Topics