7

I have followed the guide https://ultimatesecurity.pro/post/okta-saml/ to configure Okta SAML with Keycloak. After this configuration, I see an Okta/SAML login button on the login page; clicking on it redirects the user to Okta login/SSO.

Now, is there a way to avoid clicking on this button every time, such that when the Keycloak login page appears, the user is automatically redirected to Okta SSO instead of being shown the Keycloak login form with the Okta redirect button?

If not, is it possible to enter the Okta username and password in the Keycloak form fields and have Keycloak validate them internally against Okta?

This requirement is because the customer is using only Okta as the IdP and does not have any other, like LDAP etc., and clicking on a button seems like overhead.

tryingToLearn

1 Answer

12

The solution is pretty simple.

1. Go to Realm -> Configure -> Authentication

2. Go to Flows -> Browser -> Identity Provider Redirector -> Actions -> Config

3. Enter the SAML/Okta identity provider name that you have created for your realm

(as you can see in my case it was saml-okta-41)

tryingToLearn
  • I did the steps to redirect keycloak1 to keycloak2. But now I cannot access the keycloak1 administration console at all, as it's always redirecting the user to keycloak2. Is there a way to undo this setting? :D – Nirojan Selvanathan Jul 24 '19 at 07:20
  • 1
    @NirojanSelvanathan I have not tried, but I guess you can try to log in to the master realm and then change the settings in the corresponding realm. I hope you did not make the above changes in the master realm itself, because if you did, you try to live dangerously, my friend. :) – tryingToLearn Jul 25 '19 at 06:15
  • 3
    Unfortunately I did that on the master realm, but fortunately, it was the staging instance :) . Reverted the DB. BTW thanks, I was searching for a method to auto-redirect to another Keycloak. It seems we can also pass a query parameter in the URL to do this: `?kc_idp_hint=identity-server-name`. Hmm, these features are not very well documented in Keycloak. – Nirojan Selvanathan Jul 25 '19 at 07:57
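
The answer's three steps and the master-realm lockout from the comments, as an added example that is not part of the original posts: it plans the Admin REST call that sets the redirector's `defaultProvider`, refuses the master realm, and builds the per-request `kc_idp_hint` alternative. The realm name `customer`, the sample executions, the `redirect-to-…` config alias and the helper names are assumptions; paths are relative to the server base URL (older releases prefix `/auth`) and should be checked against your Keycloak version.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDIRECTOR = "identity-provider-redirector"  # providerId of the browser-flow step

# Constructed sample of GET /admin/realms/{realm}/authentication/flows/browser/executions
SAMPLE_EXECUTIONS = json.loads("""[
  {"id": "exec-1", "providerId": "auth-cookie", "requirement": "ALTERNATIVE"},
  {"id": "exec-2", "providerId": "identity-provider-redirector", "requirement": "ALTERNATIVE"},
  {"id": "exec-3", "displayName": "forms", "requirement": "ALTERNATIVE"}
]""")

def plan_default_idp(realm, idp_alias, executions, allow_master=False):
    """Return (method, path, body) for the call that sets the default IdP."""
    if realm == "master" and not allow_master:
        # The admin console logs in through the master realm's browser flow,
        # so an unconditional redirect there locks administrators out.
        raise ValueError("refusing to auto-redirect the master realm")
    step = next((e for e in executions if e.get("providerId") == REDIRECTOR), None)
    if step is None:
        raise LookupError("browser flow has no Identity Provider Redirector step")
    if step.get("requirement") == "DISABLED":
        raise ValueError("redirector step is DISABLED; the config would have no effect")
    body = {"alias": f"redirect-to-{idp_alias}",  # hypothetical config alias
            "config": {"defaultProvider": idp_alias}}
    base = f"/admin/realms/{realm}/authentication"
    cfg_id = step.get("authenticationConfig")
    if cfg_id:  # a config is already attached: update it instead of creating one
        return "PUT", f"{base}/config/{cfg_id}", dict(body, id=cfg_id)
    return "POST", f"{base}/executions/{step['id']}/config", body

def with_idp_hint(auth_url, idp_alias):
    """Per-request alternative: set kc_idp_hint on an authorization URL."""
    parts = urlsplit(auth_url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != "kc_idp_hint"]
    query.append(("kc_idp_hint", idp_alias))
    return urlunsplit(parts._replace(query=urlencode(query)))

if __name__ == "__main__":
    print(plan_default_idp("customer", "saml-okta-41", SAMPLE_EXECUTIONS))
```

Because `kc_idp_hint` is set per request by the client, it leaves the realm's own login form reachable, which the flow-level default does not.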