[keycloak-user] Keycloak as IdP Proxy

Bill Burke bburke at redhat.com
Wed Sep 21 19:58:58 EDT 2016


Currently an import is required. It is on the roadmap to import the user only 
for the duration of the user session, in memory.


On 9/21/16 7:18 PM, Adam Keily wrote:
>
> Thanks Stian. Is it essential that a user is created in the Identity 
> Broker?
>
> e.g.
>
> 1. SP directs the user to the broker for login
>
> 2. User selects one of the identity providers at the broker
>
> 3. Logs in to the IdP
>
> 4. Broker accepts the login and passes attributes / roles directly 
> through to the SP without creating a new user in the broker db?
>
> I’m trying to avoid ending up with multiple accounts in the broker IdP 
> for the same user depending on which IdP they auth from.
>
> Thanks
>
> Adam
>
> *From:* Stian Thorgersen [mailto:sthorger at redhat.com]
> *Sent:* Wednesday, 21 September 2016 3:50 PM
> *To:* Adam Keily <adam.keily at adelaide.edu.au>
> *Cc:* keycloak-user at lists.jboss.org
> *Subject:* Re: [keycloak-user] Keycloak as IdP Proxy
>
> Yes, we call it identity brokering. See 
> https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/identity-broker.html
>
> On 21 September 2016 at 07:52, Adam Keily <adam.keily at adelaide.edu.au> wrote:
>
>     Is it possible to configure keycloak as an IdP proxy?
>
>     e.g. https://spaces.internet2.edu/display/GS/SAMLIdPProxy
>
>     We’re thinking about using two keycloak realms, one for our
>     institutional users and one for externally registered users but
>     some SPs can only handle a single IdP.
>
>     Any thoughts appreciated.
>
>     Regards
>
>     Adam
>
>
>     _______________________________________________
>     keycloak-user mailing list
>     keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>     https://lists.jboss.org/mailman/listinfo/keycloak-user
