keycloak-home-idp-discovery
keycloak-home-idp-discovery copied to clipboard
[Feature] Support other ways to discover home idp (provide SPI)
Is there an existing feature request for this?
- [X] I have searched the existing issues
Is your feature related to a problem? Please describe.
There are several requests and discussion to support different ways to discover the home idp.
- based on the URL / domain
- https://github.com/sventorben/keycloak-home-idp-discovery/discussions/228
- based on organizational information like organizational membership
- https://github.com/sventorben/keycloak-home-idp-discovery/issues/189
- https://github.com/sventorben/keycloak-home-idp-discovery/issues/96
- https://github.com/p2-inc/keycloak-orgs/issues/83
Describe the solution you'd like
An SPI to replace the HomeIdpDiscoverer and have different implementations available would be neat. This should be configurable per authenticator instance so that at least each realm can be configured differently.
Describe alternatives you've considered
No response
Anything else?
The SPI should be build in a relatively stable way to allow others to implement their own logic.
This will make this project more like an API others can program against (library) and not simply an extensions others can install and configure anymore. Need to check the implications on maintainability, effort, and things like versioning and provisioning.
Open questions:
- Do we need custom login pages or forms (e.g. to input an organization Id)?