Thanks, again. Sorry for my inability to express the flow. I tried again below.
We have three apps using Auth0 for SSO. This works fine. We have a third-party (Enterprise Connection) configured via Open ID Connect to one customer (all users have the same email realm - e.g. testcustomer.com). I configured the Home Realm Discovery with their email domain. That works fine (they get prompted for username, when username is entered, it recognizes the connection and lets them in).
New requirement:
Similar to the above where the end user would login to a different third-party IdP, click on a tile in their app selection list to be redirected to our app, and we want Auth0 to “trust” their IdP (I am sure that isn’t the right term but I hope it helps explain). I configured an OpenID Connect enterprise connection (working with the third-party). It sort of works with two problems.
- The user email domains provided by the third-party provider could be any of thousands with no uniformity (test.com, acme.com, etc.com, etc). I don’t think it’s going to be supportable to constantly update the Home Realm Discovery.
- Connected to the above, we’d like to bypass the step of the user having to re-enter their username at Auth0 to determine which connection to use. I found some references to adding connection={ConnectionName} to the redirect but in testing this did not work.
Any thoughts?