[keycloak-user] Google as identity provider
Thomas Raehalme
thomas.raehalme at aitiofinland.com
Wed Apr 20 04:52:58 EDT 2016
Hi!
Some time ago I had a similar enquiry but the response was that every realm
should have its own configuration in Google. This does add quite a lot of
configuration overhead regarding SaaS applications and I would also like to
see the state parameter being used to transfer the realm.
You can find the discussion here:
http://lists.jboss.org/pipermail/keycloak-dev/2016-January/006301.html
Best regards,
Thomas
On Wed, Apr 20, 2016 at 11:37 AM, Martijn Claus <m.claus at smile.nl> wrote:
> Hello,
>
>
>
> I’ve got a question regarding the identity provider google (and maybe
> others). We are building a multi-tenant saas environment where the tenants
> are dynamically added (which I think is a valid usecase). We use the
> keycloak admin api to create a realm per tenant. We want to use (amongst
> others) the google identity provider. For this you need to set up the
> callback url in the google api client. The problem is that the callback url
> is different for each realm and *Google does not allow wildcards in
> redirect urls.*
>
>
>
> The redirect url format now:
>
> http://ourserver:8080/auth/realms/{realm}/broker/google/endpoint
>
>
>
> I don’t want to dynamically add redirect urls to the google api account.
> Google has a solution for this, the client (ie KeyCloak) should use the
> “state” queryparameter to add the realm. But this is a change Keycloak
> needs to make imo.
>
>
>
> Someone with a related problem (not with keycloak)
>
>
> http://stackoverflow.com/questions/13652062/subdomain-in-google-console-redirect-uris/13769166#13769166
>
>
>
> Any thoughts on this problem?
>
>
>
> PS: I can imagine this holds also true for other identity providers, but
> Google was the first I tried.
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160420/409057c4/attachment.html
More information about the keycloak-user
mailing list