[BUG] Unable to redirect to Organization IDP when login

[HanifAbRazak]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

1. I created a flow where only have cookie and Home IDP Discovery - Organization via Email.
2. Added new IDP with alias OIDC
3. I created user named "test "and email "[email protected]"
4. I created organization name "Test" and assign domain "test.io"
5. Add "test" as member of "Test" organization
6. Linked "OICD" IDP to "Test" organization
7. Try to login with link "/realms/test/account/"
8. enter email "[email protected]" and click "Sign in"

Result : "Invalid username or password"

Please advice. Did I missed anything?

Expected Behavior

upon clicking sign in, Keycloak will redirect to the IDP that has been set to the organization

Steps To Reproduce

Version

- Keycloak:25.0.0
- This extension:

Anything else?

No response

[sventorben]

Hey @HanifAbRazak,

that's an interesting find.
The extension validates whether a domain is marked as "verified" and only redirects users to an associated IdP if that is the case.
However, while the KC internal model has a property to check verification status, I cannot find a way to set that status via the Keycloak UI. It can be set via REST/HTTP request though.

As this feature is early preview, I would like to understand why you are using this extension instead of the built-in KC functionality for your usecase. Could you elaborate that a bit, please?

Best,
Sven-Torben