🩹 Allow Keycloak authentication to pass 'IdP Hint'

* add App Config option for 'IdP Hint' under Keycloak Authentication * refactor the authentication trigger mechanism to allow direct call to keyjclaok-js adapter login() function * remove `onLoad` from construction options (as it belongs to init())
2023-02-09 12:47:10 +00:00 · 2023-02-09 12:47:10 +00:00 · d9740427eb
parent 3e7b51da33
commit d9740427eb
2 changed files with 11 additions and 6 deletions
--- a/src/utils/ConfigSchema.json
+++ b/src/utils/ConfigSchema.json
@ -481,6 +481,11 @@
                  "type": "string",
                  "description": "The Client ID of the client you created for use with Dashy"
                },
+                "idpHint": {
+                  "title" : "IdP hint",
+                  "type": "string",
+                  "description": "Set to the 'Alias' of an existing Identity Provider in the specified realm to skip the Keycloak login page and redirect straight to the external IdP for authentication"
+                },
                "legacySupport": {
                  "title": "Legacy Support",
                  "type": "boolean",
--- a/src/utils/KeycloakAuth.js
+++ b/src/utils/KeycloakAuth.js
@ -13,25 +13,25 @@ class KeycloakAuth {
  constructor() {
    const { auth } = getAppConfig();
    const {
-      serverUrl, realm, clientId, legacySupport,
+      serverUrl, realm, clientId, idpHint, legacySupport,
    } = auth.keycloak;
    const url = legacySupport ? `${serverUrl}/auth` : serverUrl;
-    const initOptions = {
-      url, realm, clientId, onLoad: 'login-required',
-    };
+    const initOptions = { url, realm, clientId };
+    const loginOptions = idpHint ? { idpHint } : {};

+    this.loginOptions = loginOptions;
    this.keycloakClient = Keycloak(initOptions);
  }

  login() {
    return new Promise((resolve, reject) => {
-      this.keycloakClient.init({ onLoad: 'login-required' })
+      this.keycloakClient.init({ onLoad: 'check-sso' })
        .then((auth) => {
          if (auth) {
            this.storeKeycloakInfo();
            return resolve();
          } else {
-            return reject(new Error('Not authenticated'));
+            return this.keycloakClient.login(this.loginOptions);
          }
        })
        .catch((reason) => reject(reason));