I have a Keycloak Broker and 2 Identity Providers running. Currently I see the Username and Password fields and the 2 links to the configured Identity Providers at the broker login screen. The login through Identity Providers is possible after clicking an IP link.
How can I disable/remove the Username/Password fields because I want to provide only the Identity Providers to login to my Client (without the possibility to login directly through the Broker)?
There are a few out-of-the-box features that might work.
If you need only one default IdP, you can configure a Default Identity Provider for your realm. This will bypass the Keycloak login page and redirect the user straight to the Identity Provider. More info: https://www.keycloak.org/docs/latest/server_admin/index.html#default_identity_provider
For multiple identity providers, this wouldn't work - but you could use the client-suggested identity provider feature (https://www.keycloak.org/docs/latest/server_admin/index.html#_client_suggested_idp). By adding a kc_idp_hint query string parameter on the link to the Keycloak login page, it will bypass the login and go directly to that IdP. In your web application, you can construct a set of links or buttons for each provider and add the kc_idp_hint into it. However, this won't stop someone clever from still getting to the normal Keycloak login page.
Creating your own login theme may be the most straightforward approach, but I wanted to toss out these options in case anyone else finds them useful.
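The client-suggested IdP approach from the answer above, sketched as an added example that is not part of the original answer: a web application builds one login link per identity provider and puts the provider alias into kc_idp_hint. The host names, realm, client ID, redirect URI and IdP aliases are assumptions for illustration.

```python
import secrets
from urllib.parse import urlencode

# Assumed values for illustration; none of them come from the original page.
KEYCLOAK_BASE = "https://sso.example.com"  # older distributions add an /auth prefix
REALM = "demo"
CLIENT_ID = "my-client"
REDIRECT_URI = "https://app.example.com/callback"

# Hypothetical IdP aliases as configured in the realm, mapped to button labels.
ALLOWED_IDPS = {"corp-saml": "Corporate SSO", "partner-oidc": "Partner login"}


def build_idp_login_url(idp_alias, state=None, nonce=None):
    """Return an OIDC authorization URL that skips the broker form for one IdP."""
    if idp_alias not in ALLOWED_IDPS:
        # Only aliases from the fixed allowlist are ever placed in the hint;
        # a user-supplied value is never reflected into the URL.
        raise ValueError(f"unknown identity provider: {idp_alias!r}")
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "scope": "openid",
        # state and nonce must be kept in the user's session and compared
        # when the callback arrives; they are generated here if not supplied.
        "state": state or secrets.token_urlsafe(16),
        "nonce": nonce or secrets.token_urlsafe(16),
        # The hint is an ordinary query parameter under the browser's control:
        # it selects the IdP but does not remove the username/password form
        # for a request that omits it.
        "kc_idp_hint": idp_alias,
    }
    endpoint = f"{KEYCLOAK_BASE}/realms/{REALM}/protocol/openid-connect/auth"
    return f"{endpoint}?{urlencode(params)}"


def login_links():
    """One (label, url) pair per allowed IdP, ready to render as buttons."""
    return [(label, build_idp_login_url(alias)) for alias, label in ALLOWED_IDPS.items()]
```

Because the hint only steers the request, the username and password form remains reachable until it is removed in the login theme.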
I am not really sure why Keycloak does not just provide a configuration option for this in the Realm... but it doesn't. That said, if you have not enabled self registration, then users could not log in regardless?
I think you would need to create your own login theme and just remove the username and password section from your theme. It is probably not as hard as it may sound.