[keycloak-user] mapping roles received from remote IDP token to keycloak roles during Identity brokering ?

Stian Thorgersen stian at redhat.com
Wed May 20 02:24:07 EDT 2015


Not much docs, see http://keycloak.github.io/docs/userguide/html/identity-broker.html#d4e1908

It's all configurable through the admin console and should hopefully be self-explanatory.


----- Original Message -----
> From: "ROMELOT Didier" <didier.romelot at renault.com>
> To: "Stian Thorgersen" <stian at redhat.com>
> Cc: keycloak-user at lists.jboss.org
> Sent: Wednesday, 20 May, 2015 8:13:39 AM
> Subject: RE: [keycloak-user] mapping roles received from remote IDP token to keycloak roles during Identity brokering
> ?
> 
> Thanks for the answers; is there any documentation or sample that shows how to
> implement that?
> 
> regards
> 
> 
> -----Original Message-----
> From: Stian Thorgersen [mailto:stian at redhat.com]
> Sent: Wednesday 20 May 2015 06:45
> To: ROMELOT Didier
> Cc: keycloak-user at lists.jboss.org
> Subject: Re: [keycloak-user] mapping roles received from remote IDP token to
> keycloak roles during Identity brokering ?
> 
> 
> 
> ----- Original Message -----
> > From: "ROMELOT Didier" <didier.romelot at renault.com>
> > To: keycloak-user at lists.jboss.org
> > Sent: Tuesday, 19 May, 2015 5:16:49 PM
> > Subject: [keycloak-user] mapping roles received from remote IDP token to
> > keycloak roles during Identity brokering ?
> > 
> > 
> > 
> > Hi, we are trying to implement the following use case using keycloak identity
> > brokering functionality:
> > 
> > 
> > 
> > - User requests a resource from the Service Provider, then selects a remote
> > IDP (SAML IDP in our case based on PicketLink…) and authenticates on
> > this remote IDP
> > 
> > - Keycloak computes local Authentication / Identity Federation based
> > on Authentication Response from remote IDP
> > 
> > - During local authentication, Keycloak maps roles contained in the
> > Authentication response from remote IDP to roles defined in keycloak.
> > 
> > 
> > 
> > Does Keycloak support such a scenario through mappers?
> 
> Yes
> 
> > 
> > 
> > 
> > regards
> > 
> > 
>
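
The role-mapping step asked about in this thread, as an added example that is not part of the original emails and is not Keycloak's code: it reads attributes from a constructed SAML assertion and grants only the local roles named in an explicit mapping table. The attribute name `Role`, the role names and the mapping table are assumptions, and the assertion is assumed to have passed signature and issuer validation before this step.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: attribute statement from a remote IdP's assertion.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="Role">
      <saml:AttributeValue>manager</saml:AttributeValue>
      <saml:AttributeValue>admin</saml:AttributeValue>
      <saml:AttributeValue> Manager </saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="email">
      <saml:AttributeValue>admin</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Hypothetical mapping: (attribute name, exact remote value) -> local role.
# Anything not listed is dropped, so the remote IdP cannot assert
# arbitrary local roles (e.g. "admin") just by sending them.
ROLE_MAP = {
    ("Role", "manager"): "app-manager",
    ("Role", "employee"): "app-user",
}

def remote_attributes(assertion_xml):
    """Yield (attribute name, value) pairs from the assertion."""
    root = ET.fromstring(assertion_xml)
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        for val in attr.iterfind("saml:AttributeValue", NS):
            yield attr.get("Name"), (val.text or "")

def map_roles(assertion_xml, role_map=ROLE_MAP):
    """Return (granted local roles, ignored remote pairs)."""
    granted, ignored = set(), []
    for name, value in remote_attributes(assertion_xml):
        local = role_map.get((name, value))  # exact match: no trimming, no case folding
        if local:
            granted.add(local)
        else:
            ignored.append((name, value))
    return sorted(granted), ignored

if __name__ == "__main__":
    print(map_roles(SAMPLE_ASSERTION))
```

Logging the ignored pairs gives an audit trail of roles the remote IdP asserted that the broker declined to honour.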


