[keycloak-dev] SAML as social login?

Stian Thorgersen stian at redhat.com
Tue Feb 4 10:29:08 EST 2014



----- Original Message -----
> From: "Bill Burke" <bburke at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Tuesday, 4 February, 2014 3:26:49 PM
> Subject: Re: [keycloak-dev] SAML as social login?
> 
> I guess this would be interesting in the case where your federated IDP
> didn't have role and session mgmt, single sign off, oauth/openid connect
> support?  Would Keycloak offer enough value add in this scenario?

Anything to prevent users from having to maintain multiple usernames and passwords is a good thing IMO.

> 
> On 2/4/2014 7:30 AM, Stian Thorgersen wrote:
> > In theory that should work. The social login feature at the moment has only
> > been tested for OAuth and OAuth2 providers, so may need some tweaking for
> > a SAML provider.
> >
> > We're also assuming that a social provider is able to retrieve a basic user
> > profile
> > (https://github.com/keycloak/keycloak/blob/master/social/google/src/main/java/org/keycloak/social/google/GoogleProvider.java#L85),
> > but you could just return a username and require users to update their
> > profile on first social login ("Update profile on first social login"
> > option on realm settings in admin console).
> >
> > In the future we plan to provide support for federation of authentication
> > (other Keycloak realms, SAML, LDAP, etc.), but this is a good way to get
> > something working with what Keycloak provides at the moment.
> >
> > By the way at the moment the admin console has a hard-coded list of social
> > providers, but in the next release this will be dynamic. So all you'd need
> > is to add a jar that implements the social provider spi, and it will be
> > available to configure it for a realm through the admin console.
> >
> > ----- Original Message -----
> >> From: "Matt Casperson" <mcaspers at redhat.com>
> >> To: keycloak-dev at lists.jboss.org
> >> Sent: Sunday, 2 February, 2014 8:56:48 PM
> >> Subject: [keycloak-dev] SAML as social login?
> >>
> >> If I am reading
> >> https://github.com/keycloak/keycloak/blob/master/social/google/src/main/java/org/keycloak/social/google/GoogleProvider.java
> >> correctly, the only thing needed for a Keycloak social login is a URL to a
> >> login page that the user can be directed to when they are not logged in,
> >> and to have that login page send back a response that Keycloak can use to
> >> verify the user and get their details.
> >>
> >> So if I had appropriate permissions to use https://saml.redhat.com/idp/,
> >> could that be added as a social login?
> >>
> >> Regards
> >>
> >> Matthew Casperson
> >> RHCE, RHCJA # 111-072-237
> >> Engineering Content Services
> >> Brisbane, Australia
> >>
> >>
> >> _______________________________________________
> >> keycloak-dev mailing list
> >> keycloak-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> >
> 
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> 

