1 files changed, 19 insertions, 1 deletions

diff --git a/synapse/handlers/oidc_handler.py b/synapse/handlers/oidc_handler.py

index 1607e12935..81cb2ffc6b 100644
--- a/synapse/handlers/oidc_handler.py
+++ b/synapse/handlers/oidc_handler.py
@@ -15,7 +15,7 @@
 import inspect
 import logging
 from typing import TYPE_CHECKING, Dict, Generic, List, Optional, TypeVar
-from urllib.parse import urlencode
+from urllib.parse import urlencode, urlparse, urlunparse, parse_qsl
 
 import attr
 import pymacaroons
@@ -689,6 +689,24 @@ class OidcProvider:
 
         metadata = await self.load_metadata()
         authorization_endpoint = metadata.get("authorization_endpoint")
+
+        kc_idp_hint = request.args.get(b"kdp_hint", [None])[0]
+        if kc_idp_hint:
+            # Pass through the IDP hint parameter.
+            logger.info('Using kdp_hint: %s' % kc_idp_hint)
+
+            # Parse the URL and dump it into a list so it's mutable.
+            url_parts = list(urlparse(authorization_endpoint))
+
+            params = dict(parse_qsl(url_parts[4]))
+            params.update({
+                "kc_idp_hint": kc_idp_hint
+            })
+
+            url_parts[4] = urlencode(params)
+
+            authorization_endpoint = urlunparse(url_parts)
+
         return prepare_grant_uri(
             authorization_endpoint,
             client_id=self._client_auth.client_id,