  1. WildFly Elytron
  2. ELY-2374

Support forwarding of domain_hint query parameter


      The OidcRequestAuthenticator already supports forwarding a number of query parameters when redirecting to the /authorize endpoint. Currently, the following query parameters are supported in wildfly-elytron: login_hint, kc_idp_hint, prompt, max_age, ui_locales, and scopes.

      It would be helpful (see below) if the parameter domain_hint could also be forwarded to the /authorize endpoint. This parameter is supported by Microsoft Azure AD.


      We are attempting to implement SSO with Azure AD using the elytron-oidc-client in WildFly 26.0.1.Final. Our aim is to have no user interaction during login. This would allow us to use authentication against Azure AD for websites which are loaded in iframes within our corporate intranet portal site (Azure AD does not allow login forms to be displayed in iframes). In order to achieve this we need to hint to Azure AD which domain to use for logging on.

            Unassigned Unassigned
            christoph.boehme@dfg.de Christoph Böhme
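
The forwarding this issue asks for, sketched as an added example (not Elytron's OidcRequestAuthenticator code and not from the reporter): only allowlisted hints from the incoming request are copied onto the /authorize redirect, so request-supplied values cannot replace client_id, redirect_uri or state. The class and method names and the idp.example, app.example and example.org values are assumptions.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

public class AuthorizeRedirectExample {
    // Hints the issue lists as forwarded today, plus the requested domain_hint.
    // "scopes" is left out: this sketch pins scope to "openid".
    static final List<String> FORWARDED = List.of(
            "login_hint", "kc_idp_hint", "prompt", "max_age", "ui_locales", "domain_hint");

    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    // Builds the redirect to the provider. Protocol parameters come only from
    // server-side configuration; the incoming request contributes allowlisted hints.
    static String buildRedirect(String authorizeUrl, String clientId, String redirectUri,
                                String state, Map<String, String> incoming) {
        Map<String, String> query = new LinkedHashMap<>();
        query.put("response_type", "code");
        query.put("client_id", clientId);
        query.put("redirect_uri", redirectUri);
        query.put("state", state);
        query.put("scope", "openid");
        for (String name : FORWARDED) {
            String value = incoming.get(name);
            if (value != null && !value.isEmpty()) {
                query.put(name, value);
            }
        }
        return authorizeUrl + "?" + query.entrySet().stream()
                .map(e -> enc(e.getKey()) + "=" + enc(e.getValue()))
                .collect(Collectors.joining("&"));
    }

    public static void main(String[] args) {
        // Constructed incoming request: one allowlisted hint, two parameters that must not pass.
        Map<String, String> incoming = Map.of(
                "domain_hint", "example.org",
                "redirect_uri", "https://other.example/cb",
                "state", "request-supplied");
        System.out.println(buildRedirect("https://idp.example/authorize", "my-client",
                "https://app.example/callback", "srv-generated-state", incoming));
    }
}
```

The printed URL carries domain_hint=example.org, while redirect_uri and state keep the values passed in from server-side configuration.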