[keycloak-user] Delegated SAML authentication?

Raghu Prabhala prabhalar at yahoo.com
Thu Jan 22 08:22:51 EST 2015


That would be great. Thank you vey much Stian. Just to give you more background and provide you my wishlist for the short term. 1) Identity brokering that will help us authenticate against diff stores. One of them would be Kerberos (SPNEGO). 2) Customization of claims in both SAML as well OpenID Connect responses for each application (client) -similar to what ADFS provides today for SAML. It provides a GUI to choose the store as well as the attributes for each relying party and also to map those attribute names to different values (cn can be mapped to "Name" for one client and "Full Name" for another) which will be reflected in the claims sent to the relying party.3) OpenID Connect Interop (Today some of the endpoints do not fully adhere to the Spec)
I believe you have all the above requests in your queue for 1.2 release or later but would appreciate if you can squeeze them in the next cycle of binaries.
Regards,Raghu     From: Stian Thorgersen <stian at redhat.com>
 To: Raghuram Prabhala <prabhalar at yahoo.com> 
Cc: Bill Burke <bburke at redhat.com>; keycloak-user at lists.jboss.org 
 Sent: Thursday, January 22, 2015 2:24 AM
 Subject: Re: [keycloak-user] Delegated SAML authentication?
   


----- Original Message -----
> From: "Raghuram Prabhala" <prabhalar at yahoo.com>
> To: "Bill Burke" <bburke at redhat.com>
> Cc: keycloak-user at lists.jboss.org
> Sent: Wednesday, January 21, 2015 6:05:30 PM
> Subject: Re: [keycloak-user] Delegated SAML authentication?
> 
> Bill - identity brokering is something that we need today. Is it possible to
> release an alpha or beta version of that functionality earlier than March so
> that we can start integration work now? Unfortunately we can't build from
> source and look for binaries from you.

Once we have 1.1.0.Final released, which is hopefully this or next week, we should be able to release something.

> 
> Thanks
> Raghu
> 
> Sent from my iPhone
> 
> > On Jan 21, 2015, at 9:45 AM, Bill Burke <bburke at redhat.com> wrote:
> > 
> > Pedro has it working in master.  Won't be release until like March
> > though probably.
> > 
> >> On 1/21/2015 1:21 AM, Stian Thorgersen wrote:
> >> 
> >> 
> >> ----- Original Message -----
> >>> From: "Guy Davis" <guydavis.ca at gmail.com>
> >>> To: keycloak-user at lists.jboss.org
> >>> Sent: Wednesday, 21 January, 2015 6:08:50 AM
> >>> Subject: [keycloak-user] Delegated SAML authentication?
> >>> 
> >>> Good day,
> >>> 
> >>> With the upcoming Keycloak 1.10, I see SAML support has been added to
> >>> KeyCloak. Will it be possible to have Keycloak delegate to another IDP
> >>> such
> >>> as MS Azure ADFS or OneLogin? Ideally, I'd like to use KeyCloak by
> >>> default
> >>> for our JBoss deployments, but in certain cases, customers are asking for
> >>> integration with the MS Azure cloud authentication mechanisms.
> >> 
> >> It won't work for 1.1.0. We're working on that (identity brokering) for
> >> 1.2.0 where you'll be able to delegate to external OpenID Connect or SAML
> >> IdP's.
> >> 
> >>> 
> >>> Thanks in advance,
> >>> Guy
> >>> 
> >>> _______________________________________________
> >>> keycloak-user mailing list
> >>> keycloak-user at lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> >> _______________________________________________
> >> keycloak-user mailing list
> >> keycloak-user at lists.jboss.org
> >> https://lists.jboss.org/mailman/listinfo/keycloak-user
> > 
> > --
> > Bill Burke
> > JBoss, a division of Red Hat
> > http://bill.burkecentral.com


> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> 
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
> 


  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150122/b69cc1bd/attachment.html 


More information about the keycloak-user mailing list