[keycloak-user] Keycloak as IdP Proxy
Bill Burke
bburke at redhat.com
Wed Sep 21 19:58:58 EDT 2016
Currently an import is required. On roadmap to import user only for
duration of user session in memory.
On 9/21/16 7:18 PM, Adam Keily wrote:
>
> Thanks Stian. Is it essential that a user is created in the Identity
> Broker?
>
> e.g.
>
> 1.SP directs the user to the broker for login
>
> 2.User selects one of the identity providers at the broker
>
> 3.Logs in to the IdP
>
> 4.Broker accepts the login and passes attributes / roles directly
> through to the SP without creating a new user in the broker db?
>
> I’m trying to avoid ending up with multiple accounts in the broker IdP
> for the same user depending on which IdP they auth from.
>
> Thanks
>
> Adam
>
> *From:*Stian Thorgersen [mailto:sthorger at redhat.com]
> *Sent:* Wednesday, 21 September 2016 3:50 PM
> *To:* Adam Keily <adam.keily at adelaide.edu.au>
> *Cc:* keycloak-user at lists.jboss.org
> *Subject:* Re: [keycloak-user] Keycloak as IdP Proxy
>
> Yes, we call it identity brokering. See
> https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/identity-broker.html
>
> On 21 September 2016 at 07:52, Adam Keily <adam.keily at adelaide.edu.au
> <mailto:adam.keily at adelaide.edu.au>> wrote:
>
> Is it possible to configure keycloak as an IdP proxy?
>
> e.g. https://spaces.internet2.edu/display/GS/SAMLIdPProxy
>
> We’re thinking about using two keycloak realms, one for our
> institutional users and one for externally registered users but
> some SP’s can only handle a single IdP.
>
> Any thoughts appreciated.
>
> Regards
>
> Adam
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160921/5599e025/attachment-0001.html
More information about the keycloak-user
mailing list