Task
Resolution: Done
Major
The OidcRequestAuthenticator already supports forwarding a number of query parameters when redirecting to the /authorize endpoint. Currently, the following query parameters are supported in wildfly-elytron: login_hint, kc_idp_hint, prompt, max_age, ui_locales, and scopes.
It would be helpful (see below) if the parameter domain_hint could also be forwarded to the /authorize endpoint. This parameter is supported by Microsoft Azure AD.
Motivation
We are attempting to implement SSO with Azure AD using the elytron-oidc-client in WildFly 26.0.1.Final. Our aim is to have no user interaction during login. This would allow us to use authentication against Azure AD for websites which are loaded in iframes within our corporate intranet portal site (Azure AD does not allow login forms to be displayed in iframes). In order to achieve this, we need to hint to Azure AD which domain to use for logging on.
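
The forwarding behaviour requested above, as an added sketch (not wildfly-elytron's own code): only allow-listed parameters from the incoming request are copied onto the /authorize redirect, so adding domain_hint does not open the door to forwarding arbitrary parameters. The class name, method names, endpoint URL and sample values are hypothetical, and scope is left out to keep the sketch to parameters that are copied through unchanged.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class AuthorizeRedirectExample {
    // Parameters named in the issue, plus the requested domain_hint.
    static final List<String> FORWARDED = List.of(
            "login_hint", "kc_idp_hint", "prompt", "max_age", "ui_locales", "domain_hint");

    // Builds the redirect URL: fixed client parameters first, then allow-listed
    // parameters taken from the incoming request. Anything else is dropped.
    static String buildAuthorizeUrl(String endpoint, Map<String, String> fixed,
                                    Map<String, String[]> incoming) {
        Map<String, String> query = new LinkedHashMap<>(fixed);
        for (String name : FORWARDED) {
            String[] values = incoming.get(name);
            if (values != null && values.length > 0 && !values[0].isEmpty()) {
                // putIfAbsent: a request parameter can never override a fixed one.
                query.putIfAbsent(name, values[0]);
            }
        }
        StringBuilder url = new StringBuilder(endpoint).append('?');
        boolean first = true;
        for (Map.Entry<String, String> e : query.entrySet()) {
            if (!first) url.append('&');
            first = false;
            url.append(enc(e.getKey())).append('=').append(enc(e.getValue()));
        }
        return url.toString();
    }

    static String enc(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from a real deployment.
        Map<String, String> fixed = new LinkedHashMap<>();
        fixed.put("response_type", "code");
        fixed.put("client_id", "intranet-app");
        fixed.put("redirect_uri", "https://app.example/callback");
        Map<String, String[]> incoming = Map.of(
                "domain_hint", new String[] {"corp.example"},
                "prompt", new String[] {"none"},
                "redirect_uri", new String[] {"https://other.example/cb"}); // not allow-listed
        System.out.println(buildAuthorizeUrl("https://idp.example/authorize", fixed, incoming));
    }
}
```

The printed URL carries domain_hint and prompt from the request, while the request-supplied redirect_uri is ignored in favour of the configured one.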