diff --git a/packages/app-shell/src/app-shell.js b/packages/app-shell/src/app-shell.js
index d2451f5beb2a3aa7b1ea43eab7289cda9639a572..4b0911b164f81246a9eeacf8529a673aad165786 100644
--- a/packages/app-shell/src/app-shell.js
+++ b/packages/app-shell/src/app-shell.js
@@ -712,7 +712,7 @@ export class AppShell extends ScopedElementsMixin(LitElement) {
 return html`
 <slot class="${slotClassMap}"></slot>
- <dbp-auth-keycloak lang="${this.lang}" url="${kc.url}" realm="${kc.realm}" client-id="${kc.clientId}" silent-check-sso-redirect-uri="${kc.silentCheckSsoRedirectUri || ''}" scope="${kc.scope || ''}" load-person try-login></dbp-auth-keycloak>
+ <dbp-auth-keycloak lang="${this.lang}" url="${kc.url}" realm="${kc.realm}" client-id="${kc.clientId}" silent-check-sso-redirect-uri="${kc.silentCheckSsoRedirectUri || ''}" scope="${kc.scope || ''}" idp-hint="${kc.idpHint || ''}" load-person try-login></dbp-auth-keycloak>
 <div class="${mainClassMap}">
 <div id="main">
 <dbp-notification lang="${this.lang}"></dbp-notification>
diff --git a/packages/auth/src/auth-keycloak.js b/packages/auth/src/auth-keycloak.js
index 96630f09907fb2b74e4a705f0396de155d13a78b..9717dbf84dc3e34b4e55420bccc64b3ecffa14b6 100644
--- a/packages/auth/src/auth-keycloak.js
+++ b/packages/auth/src/auth-keycloak.js
@@ -42,6 +42,7 @@ export class AuthKeycloak extends LitElement {
 this.clientId = null;
 this.silentCheckSsoRedirectUri = null;
 this.scope = null;
+ this.idpHint = '';
 // Create the events
 this.initEvent = new CustomEvent("dbp-auth-init", { "detail": "KeyCloak init event", bubbles: true, composed: true });
@@ -174,6 +175,7 @@ export class AuthKeycloak extends LitElement {
 clientId: { type: String, attribute: 'client-id' },
 silentCheckSsoRedirectUri: { type: String, attribute: 'silent-check-sso-redirect-uri' },
 scope: { type: String },
+ idpHint: { type: String, attribute: 'idp-hint' },
 };
 }
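Review bot: The new `idpHint` entry in the properties hunk of auth-keycloak.js (@@ -174,6 +175,7) has no comment saying what the attribute controls or what it does not guarantee. I would add above it something like `// idp-hint: alias of the Keycloak identity provider to preselect at login; a hint only, not an access restriction`. The value reaches the login request from page configuration, so anyone driving the browser can change or drop it. Which identity providers are acceptable therefore has to be enforced in the realm configuration, not inferred from this attribute. The enclosing `properties` getter starts outside the hunk.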
@@ -188,7 +190,7 @@ export class AuthKeycloak extends LitElement { throw Error("client-id not set"); this._bus = new EventBus(); - this._kcwrapper = new KeycloakWrapper(this.keycloakUrl, this.realm, this.clientId, this.silentCheckSsoRedirectUri); + this._kcwrapper = new KeycloakWrapper(this.keycloakUrl, this.realm, this.clientId, this.silentCheckSsoRedirectUri, this.idpHint); this._kcwrapper.addEventListener('changed', this._onKCChanged); this._bus.subscribe('auth-login', () => { diff --git a/packages/auth/src/keycloak.js b/packages/auth/src/keycloak.js index 6a995c665eb461afcb8c1e9b9f09d557431438b6..591382221a265af347fde17f6b86746b59818a7b 100644 --- a/packages/auth/src/keycloak.js +++ b/packages/auth/src/keycloak.js @@ -39,7 +39,7 @@ const ensureURL = function(urlOrPath) { */ export class KeycloakWrapper extends EventTarget { - constructor(baseURL, realm, clientId, silentCheckSsoUri) { + constructor(baseURL, realm, clientId, silentCheckSsoUri, idpHint) { super(); this._baseURL = baseURL; @@ -48,6 +48,7 @@ export class KeycloakWrapper extends EventTarget { this._keycloak = null; this._initDone = false; this._silentCheckSsoUri = silentCheckSsoUri; + this._idpHint = idpHint; } _onChanged() { @@ -105,6 +106,7 @@ export class KeycloakWrapper extends EventTarget { async _keycloakInit(options) { // https://gitlab.tugraz.at/dbp/apps/library/issues/41 // retry the keycloak init in case it fails, maybe it helps :/ + options['idpHint'] = 'eid-oidc'; try { return await this._keycloak.init(options); } catch (e) { @@ -120,10 +122,12 @@ export class KeycloakWrapper extends EventTarget { const options = { promiseType: 'native', - pkceMethod: 'S256' + pkceMethod: 'S256', }; + if (this._silentCheckSsoUri) { + options['onLoad'] = 'check-sso'; options['silentCheckSsoRedirectUri'] = ensureURL(this._silentCheckSsoUri); @@ -136,6 +140,7 @@ export class KeycloakWrapper extends EventTarget { } else { await this._keycloakInit(options); } + } /** 
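Review bot: In the `_keycloakInit` hunk of packages/auth/src/keycloak.js (@@ -105,6 +106,7), `options['idpHint'] = 'eid-oidc';` hard-codes one identity-provider alias into the init options, regardless of the `idp-hint` attribute that this same commit threads through to `this._idpHint`. It reads like a debugging leftover. It also mutates the caller's `options` object before `this._keycloak.init(options)`; whether init() acts on that key is not visible here, but either way a deployment-specific value ends up baked into a shared package. I would drop the line and rely on `idpHint: this._idpHint` in the login call, and remove the commented-out `//options['idpHint'] = 'eid-oidc';` that appears in the last hunk (@@ -164,7 +169,9) as well. `_keycloakInit` continues past the end of the hunk.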
@@ -164,7 +169,9 @@ export class KeycloakWrapper extends EventTarget {
 kcLocale: language, // Keycloak < 9.0
 locale: language,
 scope: scope,
+ idpHint: this._idpHint,
 });
+ //options['idpHint'] = 'eid-oidc';
 }
 }