[keycloak-user] KeyCloak as an OIDC

Anton kurrent93 at gmail.com
Thu Sep 14 06:04:30 EDT 2017


I can't speak for OP, but it sounds like a question I asked a while ago:

I'm looking to build an application (identity provider) that will have
user accounts. So, whereas the typical example is a user links their
Facebook, or LinkedIn account to a Keycloak account, I'm interested in
making an Identity Provider - comparable to Facebook, LinkedIn - in terms of
supporting the OIDC protocol - so that users can link these accounts.

Users should then be able to link their account to a parent account.

I have been reading
http://www.keycloak.org/docs/3.1/server_development/topics/identity-brokering/account-linking.html
and see that this is possible.

I have a few questions. On the docs it says:

> The application must already be logged in as an existing user via the OIDC
> protocol
>
How does an application log in as a user?
Does this mean the user must be logged into the Identity provider
application?

Am I correct in assuming the Identity Provider application needs to
implement the OIDC Protocol? Is this something Keycloak can do? Are there
any examples of this?

On 14 September 2017 at 21:29, Simon Payne <simonpayne58 at gmail.com> wrote:

> I think the OP is referring to identity brokering where keycloak is used to
> broker other identity providers which follow the OIDC protocol.  One of
> these brokered identity providers can be another keycloak server.
>
> On Thu, Sep 14, 2017 at 10:16 AM, Sebastien Blanc <sblanc at redhat.com>
> wrote:
>
> > As Stian said, KC is already an OIDC IdP, nothing to do here. Once your
> > realm has been created, you can see the OIDC endpoints here:
> >
> > /auth/realms/your_realm/.well-known/openid-configuration
> >
> > Or was this not the question?
> >
> > Sebi
> >
> > On Thu, Sep 14, 2017 at 12:15 AM, Anton <kurrent93 at gmail.com> wrote:
> >
> > > I'm also interested in this.
> > > If I understand OP's question correctly, he wants to know how to be an
> > > Identity Provider that supports OIDC Protocol.
> > >
> > > For example - in the section on User initiated linked accounts - the
> > > example is that the user links their Facebook account. How to create an
> > > equivalent, OIDC-ly speaking, of Facebook?
> > >
> > > On 13 September 2017 at 15:41, Stian Thorgersen <sthorger at redhat.com>
> > > wrote:
> > >
> > > > What are you actually trying to do? Keycloak is an OIDC IDP
> > > >
> > > > On 12 September 2017 at 17:59, Y Levine <ylevine20 at gmail.com> wrote:
> > > >
> > > > > I have read
> > > > > > http://www.keycloak.org/docs/3.2/securing_apps/topics/oidc/oidc-overview.html
> > > > > >
> > > > > > I may have misread as it appears to list connectors to KeyCloak's OIDC
> > > > > > ....but how do we configure KeyCloak to be the OIDC IdP?
> > > > > _______________________________________________
> > > > > keycloak-user mailing list
> > > > > keycloak-user at lists.jboss.org
> > > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > > > >
> > > > _______________________________________________
> > > > keycloak-user mailing list
> > > > keycloak-user at lists.jboss.org
> > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > > >
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
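
Added example (not from any participant in this thread and not Keycloak project code): a relying party or brokering server that consumes the discovery document at the path quoted above can sanity-check it before trusting the advertised endpoints. The checks follow OpenID Connect Discovery 1.0; the host `sso.example.test` and both sample documents are constructed for illustration.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Metadata that OpenID Connect Discovery 1.0 marks as REQUIRED.
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri",
             "userinfo_endpoint")

def discovery_url(base, realm):
    """Build the realm's discovery URL from the path quoted in the thread."""
    return f"{base.rstrip('/')}/auth/realms/{realm}{WELL_KNOWN}"

def check_discovery(url, doc):
    """Return the problems found in a discovery document retrieved from url."""
    problems = [f"missing required field: {k}" for k in REQUIRED if k not in doc]
    # The issuer must be exactly the discovery URL minus the well-known suffix.
    expected = url.removesuffix(WELL_KNOWN)
    if doc.get("issuer") != expected:
        problems.append(f"issuer mismatch: {doc.get('issuer')!r} != {expected!r}")
    for k in ENDPOINTS:
        if k in doc and urlsplit(doc[k]).scheme != "https":
            problems.append(f"{k} is not https: {doc[k]}")
    # Discovery requires RS256 among the advertised ID token algorithms.
    if "RS256" not in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("RS256 not advertised for ID token signing")
    return problems

# Constructed sample data: hypothetical host, realm name as written in the thread.
URL = discovery_url("https://sso.example.test/", "your_realm")
ISSUER = "https://sso.example.test/auth/realms/your_realm"
GOOD = {
    "issuer": ISSUER,
    "authorization_endpoint": ISSUER + "/protocol/openid-connect/auth",
    "token_endpoint": ISSUER + "/protocol/openid-connect/token",
    "jwks_uri": ISSUER + "/protocol/openid-connect/certs",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
# Tampered copy: wrong realm in issuer, plain-http token endpoint, no key set.
BAD = {k: v for k, v in GOOD.items() if k != "jwks_uri"}
BAD["issuer"] = "https://sso.example.test/auth/realms/other"
BAD["token_endpoint"] = "http://sso.example.test/token"

if __name__ == "__main__":
    print(check_discovery(URL, GOOD))
    for p in check_discovery(URL, BAD):
        print("-", p)
```
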

