Identity Providers - kmd-identity/documentation GitHub Wiki

KMD Identity supports federation with an ever-increasing list of Identity Providers (IdPs).

See the list here.

To enable your application to use one or more of these IdPs you must:

  • Meet the requirements in: Who can use KMD Identity?
  • Also meet the requirements specified for that IdP in the list.
  • Then Contact KMD Identity and tell us which IdP(s) you would like to have enabled for your application, and describe how you fulfill the requirements. Remember to include the entityid (client id or relying party identifier) of the application.

Preselect Identity Provider using domain_hint

If more than one IdP has been enabled for an application, users that have not previously chosen to always use a specific one will be met with a page that prompts them to choose which IdP to use.

It is possible to skip the default IdP selection page by specifying a domain_hint parameter in the query string of your (OpenID) authorize or (SAML) request. The domain_hints associated with each IdP are specified in the list linked at the top of this page.

For example client implementations that support the use of the domain_hint parameter, see our KMD Identity sample and test applications.

Prefill username field using login_hint

Some IdPs support the login_hint parameter. This parameter is used to fill out the "username" field on the login form where the user authenticates. If your application includes a login_hint parameter in the query string of your (OpenID) authorize or (SAML) request, we will include the parameter in the request to the upstream IdP.
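
The following added example (not code from KMD Identity or its sample applications) builds an OpenID authorize URL that carries both domain_hint and login_hint. It checks the domain_hint against the hints enabled for the application and URL-encodes the login_hint so user input cannot add or override query parameters. The endpoint, client id, redirect URI and hint values are placeholders; take the real ones from your KMD Identity configuration and the IdP list.

```python
import secrets
from urllib.parse import urlencode

# Placeholder values (assumptions, not real KMD Identity settings).
AUTHORIZE_ENDPOINT = "https://identity.example/connect/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example/signin-oidc"
# domain_hint values of the IdPs enabled for this application (constructed).
ALLOWED_DOMAIN_HINTS = {"example-idp-a", "example-idp-b"}


def build_authorize_url(domain_hint=None, login_hint=None):
    """Return (url, state, nonce) for an OpenID Connect authorize request."""
    state = secrets.token_urlsafe(32)   # compare with the value on the callback
    nonce = secrets.token_urlsafe(32)   # compare with the nonce in the id_token
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": state,
        "nonce": nonce,
    }
    if domain_hint is not None:
        # Only send hints for IdPs enabled for this application; never
        # forward an arbitrary value taken from the incoming request.
        if domain_hint not in ALLOWED_DOMAIN_HINTS:
            raise ValueError(f"domain_hint not enabled: {domain_hint!r}")
        params["domain_hint"] = domain_hint
    if login_hint:
        # login_hint is user-supplied and is passed on to the upstream IdP:
        # bound its length and reject control characters.
        if len(login_hint) > 254 or any(ord(c) < 0x20 or ord(c) == 0x7F
                                        for c in login_hint):
            raise ValueError("login_hint rejected")
        params["login_hint"] = login_hint
    # urlencode percent-encodes '&', '=', '+' and '@', so a login_hint cannot
    # introduce a second domain_hint or any other parameter.
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}", state, nonce


if __name__ == "__main__":
    url, _, _ = build_authorize_url("example-idp-a", "alice+test@example.com")
    print(url)
```

Store the returned state and nonce in the user's session and verify both when the authorization response comes back.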