[keycloak-dev] SAML as social login?
bburke at redhat.com
Tue Feb 4 16:06:24 EST 2014
Thanks for the input!
On 2/4/2014 3:57 PM, Matt Casperson wrote:
> The value KeyCloak offers us (if I understand correctly) is that we can
> build applications against KeyCloak and not have to worry about where
> the users' details eventually come from. In our local deployment,
> KeyCloak might be nothing more than a middleman between our application
> and an existing SSO solution. But it is nice to be able to support other
> deployment scenarios where KeyCloak is used as a complete and
> independent security solution, with no changes to our code.
> So it is very valuable to us to have a project like KeyCloak providing a
> sliding scale solution from "just bouncing messages between the browser
> and the existing user database" to "we have no existing user database,
> so KeyCloak has to do everything" with little more than a few toggles in
> a UI.
> Matthew Casperson
> RHCE, RHCJA # 111-072-237
> Engineering Content Services
> Brisbane, Australia
> *From: *"Bill Burke" <bburke at redhat.com>
> *To: *keycloak-dev at lists.jboss.org
> *Sent: *Wednesday, 5 February, 2014 1:26:49 AM
> *Subject: *Re: [keycloak-dev] SAML as social login?
> I guess this would be interesting in the case where your federated IDP
> didn't have role and session mgmt, single sign off, oauth/openid connect
> support? Would Keycloak offer enough value add in this scenario?
> On 2/4/2014 7:30 AM, Stian Thorgersen wrote:
> > In theory that should work. The social login feature at the moment
> > has only been tested for OAuth and OAuth2 providers, so may need some
> > tweaking for a SAML provider.
> > We're also assuming that a social provider is able to retrieve a
> > basic user profile, but you could just return a username and require
> > users to update their profile on first social login ("Update profile
> > on first social login" option on realm settings in admin console).
> > In the future we plan to provide support for federation of
> > authentication (other Keycloak realms, SAML, LDAP, etc.), but this is a
> > good way to get something working with what Keycloak provides at the moment.
> > By the way at the moment the admin console has a hard-coded list of
> > social providers, but in the next release this will be dynamic. So all
> > you'd need is to add a jar that implements the social provider spi, and
> > it will be available to configure it for a realm through the admin console.
> > ----- Original Message -----
> >> From: "Matt Casperson" <mcaspers at redhat.com>
> >> To: keycloak-dev at lists.jboss.org
> >> Sent: Sunday, 2 February, 2014 8:56:48 PM
> >> Subject: [keycloak-dev] SAML as social login?
> >> If I am reading
> >> correctly, the only thing needed for a Keycloak social login is a
> >> URL to a login page that the user can be directed to when they are
> >> not logged in, and to have that login page send back a response that
> >> Keycloak can use to verify the user and get their details.
> >> So if I had appropriate permissions to use https://saml.redhat.com/idp/,
> >> could that be added as a social login?
> >> Regards
> >> Matthew Casperson
> >> RHCE, RHCJA # 111-072-237
> >> Engineering Content Services
> >> Brisbane, Australia
> >> _______________________________________________
> >> keycloak-dev mailing list
> >> keycloak-dev at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-dev
> Bill Burke
> JBoss, a division of Red Hat
JBoss, a division of Red Hat