[keycloak-user] Delegated SAML authentication?

Stian Thorgersen stian at redhat.com
Thu Jan 22 09:05:27 EST 2015



----- Original Message -----
> From: "Raghu Prabhala" <prabhalar at yahoo.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: "Bill Burke" <bburke at redhat.com>, keycloak-user at lists.jboss.org
> Sent: Thursday, January 22, 2015 2:22:51 PM
> Subject: Re: [keycloak-user] Delegated SAML authentication?
> 
> That would be great. Thank you vey much Stian. Just to give you more
> background and provide you my wishlist for the short term. 1) Identity
> brokering that will help us authenticate against diff stores. One of them
> would be Kerberos (SPNEGO). 2) Customization of claims in both SAML as well
> OpenID Connect responses for each application (client) -similar to what ADFS
> provides today for SAML. It provides a GUI to choose the store as well as
> the attributes for each relying party and also to map those attribute names
> to different values (cn can be mapped to "Name" for one client and "Full
> Name" for another) which will be reflected in the claims sent to the relying
> party.3) OpenID Connect Interop (Today some of the endpoints do not fully
> adhere to the Spec)
> I believe you have all the above requests in your queue for 1.2 release or
> later but would appreciate if you can squeeze them in the next cycle of
> binaries.

All of those are scheduled for the not so distant future, but I can't guarantee they'll all be included in 1.2.

> Regards,Raghu     From: Stian Thorgersen <stian at redhat.com>
>  To: Raghuram Prabhala <prabhalar at yahoo.com>
> Cc: Bill Burke <bburke at redhat.com>; keycloak-user at lists.jboss.org
>  Sent: Thursday, January 22, 2015 2:24 AM
>  Subject: Re: [keycloak-user] Delegated SAML authentication?
>    
> 
> 
> ----- Original Message -----
> > From: "Raghuram Prabhala" <prabhalar at yahoo.com>
> > To: "Bill Burke" <bburke at redhat.com>
> > Cc: keycloak-user at lists.jboss.org
> > Sent: Wednesday, January 21, 2015 6:05:30 PM
> > Subject: Re: [keycloak-user] Delegated SAML authentication?
> > 
> > Bill - identity brokering is something that we need today. Is it possible
> > to
> > release an alpha or beta version of that functionality earlier than March
> > so
> > that we can start integration work now? Unfortunately we can't build from
> > source and look for binaries from you.
> 
> Once we have 1.1.0.Final released, which is hopefully this or next week, we
> should be able to release something.
> 
> > 
> > Thanks
> > Raghu
> > 
> > Sent from my iPhone
> > 
> > > On Jan 21, 2015, at 9:45 AM, Bill Burke <bburke at redhat.com> wrote:
> > > 
> > > Pedro has it working in master.  Won't be release until like March
> > > though probably.
> > > 
> > >> On 1/21/2015 1:21 AM, Stian Thorgersen wrote:
> > >> 
> > >> 
> > >> ----- Original Message -----
> > >>> From: "Guy Davis" <guydavis.ca at gmail.com>
> > >>> To: keycloak-user at lists.jboss.org
> > >>> Sent: Wednesday, 21 January, 2015 6:08:50 AM
> > >>> Subject: [keycloak-user] Delegated SAML authentication?
> > >>> 
> > >>> Good day,
> > >>> 
> > >>> With the upcoming Keycloak 1.10, I see SAML support has been added to
> > >>> KeyCloak. Will it be possible to have Keycloak delegate to another IDP
> > >>> such
> > >>> as MS Azure ADFS or OneLogin? Ideally, I'd like to use KeyCloak by
> > >>> default
> > >>> for our JBoss deployments, but in certain cases, customers are asking
> > >>> for
> > >>> integration with the MS Azure cloud authentication mechanisms.
> > >> 
> > >> It won't work for 1.1.0. We're working on that (identity brokering) for
> > >> 1.2.0 where you'll be able to delegate to external OpenID Connect or
> > >> SAML
> > >> IdP's.
> > >> 
> > >>> 
> > >>> Thanks in advance,
> > >>> Guy
> > >>> 
> > >>> _______________________________________________
> > >>> keycloak-user mailing list
> > >>> keycloak-user at lists.jboss.org
> > >>> https://lists.jboss.org/mailman/listinfo/keycloak-user
> > >> _______________________________________________
> > >> keycloak-user mailing list
> > >> keycloak-user at lists.jboss.org
> > >> https://lists.jboss.org/mailman/listinfo/keycloak-user
> > > 
> > > --
> > > Bill Burke
> > > JBoss, a division of Red Hat
> > > http://bill.burkecentral.com
> 
> 
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > 
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > 
> 
> 
> 



More information about the keycloak-user mailing list