[keycloak-user] Proxying SAML Login

Bill Burke bburke at redhat.com
Tue Feb 23 09:08:58 EST 2016


Ok, i read your post too quick last time sorry.  The Idnetity Provider 
SPIs only Keycloak delegating authentication to a "parent" IDP (like how 
social login works).  You can't have Keycloak UI screens in front of a 
"parent" IDP using this SPI.    What you can do is write a custom User 
Federation Provider.  Credentials can be acquired by the Keycloak UI and 
passed to whatever backend you need to validate them.

On 2/23/2016 12:52 AM, Sarp Kaya wrote:
> Hi,
>
> Identity Providers tab only have the SAML provider that I was talking
> about (which redirects you to SAML provider). If I go to User Federation
> there is no SAML there either, so mapping IDP to a User Federation does
> not seem possible. I could not find anywhere to set ³IDP Federation²,
> could you explain a little further?
>
> Kind Regards,
> Sarp Kaya
>
>
>> Date: Mon, 22 Feb 2016 09:04:18 -0500
>> From: Bill Burke <bburke at redhat.com>
>> Subject: Re: [keycloak-user] Proxying SAML Login
>> To: keycloak-user at lists.jboss.org
>> Message-ID: <56CB1562.2090106 at redhat.com>
>> Content-Type: text/plain; charset="windows-1252"
>>
>> Check the identity providers tab.  You can set u "IDP Federation".
>> Social login is under there too.
>>
>> On 2/22/2016 6:33 AM, Sarp Kaya wrote:
>>> Hi,
>>>
>>> I have looked around but couldn?t find what I was looking for.
>>> What I want to do is when user wants to login with IDP I still want
>>> the user to login via Keycloak UI and I want Keycloak to proxy the
>>> IDP. What makes sense to me is to have something like a new client
>>> which will use OpenID and then this client would proxy it to the IDP
>>> itself. Is this possible? If so then how can I do it?
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> -- 
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com



More information about the keycloak-user mailing list