sventorben/keycloak-home-idp-discovery

[Feature] Multiple IDP on domain

SangI762 opened this issue · 10 comments

Is there an existing feature request for this?

  • I have searched the existing issues

Is your feature related to a problem? Please describe.

It's a really rare case, but I have a few clients and they have two IDP providers in the company. I love this extension, it's exactly what I wanted a long time ago.

Describe the solution you'd like

So, as a user, I'd like to choose the IDP when a domain has more than one IDP mapped. Is it possible?

Describe alternatives you've considered

I tried to use only one idp per domain and use the Identity Provider Redirector, but the problem is that the fallback idp should be different based on the domain. So this doesn't work for me.
I have a lot of companies (b2b clients) integrated in our Keycloak instance, that's why I'm requesting this feature.

Anything else?

No response

Same here, would be really great to have this feature.

Hello @SangI762 and @linasslepikas,

I am not sure if I like to implement a feature like that. The whole purpose of this extension is to eliminate the need for users to manually choose an identity provider.

Isn't there any other information available that could be used for an automated decision? How do users currently decide which identity provider to use?

Regards
Sven-Torben

@SangI762 @linasslepikas
Can you please check if the implementation in #181 could work for you?

Sorry for the delay. Checking it.

@linasslepikas Do you need a release for it or can you build it from the source?

Release would be great!

I just released 21.2.0 as a pre-release

@sventorben That's amazing. Just tried your latest build and it works as I intended. One small detail, after extension update (setting Forward to first matched IdP was false). So I didn't change anything in my configuration, just added a second idp to the domain and it didn't work at first. Then I made the setting true, saved, made it false and here we are. Everything seems awesome now.
Thanks again, man!

All good here. Thank you!

One small detail, after extension update (setting Forward to first matched IdP was false)

I think that is a bug where the admin console does not respect the default values, see keycloak/keycloak#19852.

It should behave as if Forward to first matched IdP is switched on, if no explicit configuration is set, because of backwards compatibility.