Friday, November 02, 2018

Deep linking in mod_auth_openidc to Keycloak's brokered IDP

This post shows how to deep link, that is, use a static link to initiate SSO from an application protected by mod_auth_openidc to the SAML/OIDC identity provider brokered by Keycloak.

#SSO flow
IDP -> Keycloak -> Apache + mod_auth_openidc reverse proxy -> App

Use the URL configured as the OIDC callback for mod_auth_openidc ("OIDCRedirectURI") as the base of the link. For example, with:
OIDCRedirectURI = http://app.domain.com/app1/callback
App URL = http://app.domain.com/app1/landing
Keycloak OIDC Issuer = http://keycloak.domain.com/auth/realms/testrealm
Keycloak configured Identity Provider Alias = myidpalias

#Link
http://app.domain.com/app1/callback?target_link_uri=http%3A//app.domain.com/app1/landing&iss=http://keycloak.domain.com/auth/realms/testrealm&auth_request_params=kc_idp_hint%3Dmyidpalias

So the format is
 <OIDCRedirectURI>?target_link_uri=<App URL>&iss=<Keycloak OIDC Issuer>&auth_request_params=kc_idp_hint%3D<Identity Provider Alias>

Reference : https://github.com/zmartzone/mod_auth_openidc/wiki#13-how-can-i-add-custom-parameters-to-the-authorization-request (Topic 13 c)
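
The link format above, as an added Python example that is not part of the original post: it builds the link with full percent-encoding, including the nested encoding of auth_request_params, and parses it back. The function names are hypothetical, and the same-origin check on target_link_uri is an assumption of this example, not documented mod_auth_openidc behaviour.

```python
from urllib.parse import urlencode, urlsplit, parse_qs


def build_deep_link(redirect_uri, target, issuer, idp_alias):
    """Build a mod_auth_openidc deep link that preselects a Keycloak brokered IdP."""
    r, t = urlsplit(redirect_uri), urlsplit(target)
    # Defensive check (assumption of this example): only hand out links whose
    # landing page is on the same scheme and host as the OIDC callback.
    if (t.scheme, t.netloc) != (r.scheme, r.netloc):
        raise ValueError("target_link_uri must share the origin of OIDCRedirectURI")
    # auth_request_params is itself a query string, so it is encoded once here...
    extra = urlencode({"kc_idp_hint": idp_alias})
    # ...and a second time as a parameter value, which is why "=" shows up as %3D.
    query = urlencode({
        "target_link_uri": target,
        "iss": issuer,
        "auth_request_params": extra,
    })
    return f"{redirect_uri}?{query}"


def decode_deep_link(link):
    """Return the three parameters of a deep link plus the decoded extra params."""
    outer = {k: v[0] for k, v in parse_qs(urlsplit(link).query).items()}
    outer["extra"] = {k: v[0] for k, v in
                      parse_qs(outer.get("auth_request_params", "")).items()}
    return outer


if __name__ == "__main__":
    # Values taken from the post.
    link = build_deep_link(
        "http://app.domain.com/app1/callback",
        "http://app.domain.com/app1/landing",
        "http://keycloak.domain.com/auth/realms/testrealm",
        "myidpalias",
    )
    print(link)
    print(decode_deep_link(link))
```

The output encodes every ":" and "/" in the parameter values, while the link in the post leaves some of them raw; both decode to the same values.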
