[keycloak-user] KeyCloak as an OIDC

Y Levine ylevine20 at gmail.com
Thu Sep 14 15:25:22 EDT 2017


Yes --- looking for similar....

KeyCloak is the OIDC Identity Provider --- Applications integrate against
KeyCloak via OIDC --- users would authenticate directly against the login page
on KeyCloak - redirected back to the SP..... à la the Google login process to
Stackoverflow (however, in this case KeyCloak is the IDP for our
organization's login/password).

If there are steps that describe how the above can be configured, they would be
much appreciated.


On Thu, Sep 14, 2017 at 3:04 AM, Anton <kurrent93 at gmail.com> wrote:

> I can't speak for OP, but it sounds like a question I asked a while ago:
>
> I'm looking to build an application (identity provider) that will have
> user accounts. So, whereas the typical example is a user links their
> Facebook or LinkedIn account to a Keycloak account, I'm interested in
> making an Identity Provider - comparable to Facebook, LinkedIn - in terms of
> supporting the OIDC protocol - so that users can link these accounts.
>
> Users should then be able to link their account to a parent account.
>
> I have been reading
> http://www.keycloak.org/docs/3.1/server_development/topics/identity-brokering/account-linking.html
> and see that this is possible.
>
> I have a few questions. On the docs it says:
>
> > The application must already be logged in as an existing user via the OIDC
> > protocol
> >
> How does an application login as a user?
> Does this mean the user must be logged into the Identity provider
> application?
>
> Am I correct in assuming the Identity Provider application needs to
> implement the OIDC Protocol? Is this something Keycloak can do? Are there
> any examples of this?
>
> On 14 September 2017 at 21:29, Simon Payne <simonpayne58 at gmail.com> wrote:
>
> > I think the OP is referring to identity brokering, where Keycloak is used to
> > broker other identity providers which follow the OIDC protocol.  One of
> > these brokered identity providers can be another Keycloak server.
> >
> > On Thu, Sep 14, 2017 at 10:16 AM, Sebastien Blanc <sblanc at redhat.com>
> > wrote:
> >
> > > As Stian said, KC is already an OIDC IdP, nothing to do here. Once your
> > > realm has been created, you can see the OIDC endpoints here:
> > >
> > > /auth/realms/your_realm/.well-known/openid-configuration
> > >
> > > Or was this not the question?
> > >
> > > Sebi
> > >
> > > On Thu, Sep 14, 2017 at 12:15 AM, Anton <kurrent93 at gmail.com> wrote:
> > >
> > > > I'm also interested in this.
> > > > If I understand OP's question correctly, he wants to know how to be an
> > > > Identity Provider that supports the OIDC protocol.
> > > >
> > > > For example - in the section on User initiated linked accounts - the
> > > > example is that the user links their Facebook account. How to create an
> > > > equivalent, OIDC-ly speaking, of Facebook?
> > > >
> > > > On 13 September 2017 at 15:41, Stian Thorgersen <sthorger at redhat.com>
> > > > wrote:
> > > >
> > > > > What are you actually trying to do? Keycloak is an OIDC IDP
> > > > >
> > > > > On 12 September 2017 at 17:59, Y Levine <ylevine20 at gmail.com> wrote:
> > > > >
> > > > > > I have read
> > > > > > http://www.keycloak.org/docs/3.2/securing_apps/topics/oidc/oidc-overview.html
> > > > > >
> > > > > > I may have misread as it appears to list connectors to KeyCloak's OIDC
> > > > > > ....but how do we configure KeyCloak to be the OIDC IdP?
> > > > > > _______________________________________________
> > > > > > keycloak-user mailing list
> > > > > > keycloak-user at lists.jboss.org
> > > > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > > > > >
>
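
The flow asked about in this thread (an application reads the realm's discovery document, then redirects the user to the Keycloak login page), as an added example that is not part of the original messages or Keycloak's own code. The host name, client id, redirect URI and the trimmed discovery document are constructed placeholders; a real client would fetch the document over HTTPS from the realm.

```python
import secrets
from urllib.parse import urlencode, urlsplit

# Constructed sample of a realm's discovery document (trimmed).
# Host and realm name are placeholders, not values from the thread.
REALM_URL = "https://sso.example.org/auth/realms/your_realm"
SAMPLE_DISCOVERY = {
    "issuer": REALM_URL,
    "authorization_endpoint": REALM_URL + "/protocol/openid-connect/auth",
    "token_endpoint": REALM_URL + "/protocol/openid-connect/token",
    "jwks_uri": REALM_URL + "/protocol/openid-connect/certs",
    "response_types_supported": ["code", "id_token", "code id_token"],
}
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def discovery_url(server, realm):
    """Discovery URL for a realm, using the path quoted in the thread."""
    return f"{server.rstrip('/')}/auth/realms/{realm}/.well-known/openid-configuration"


def validate_discovery(doc, fetched_from):
    """Return a list of problems; an empty list means the metadata is usable."""
    problems = [f"missing {key}" for key in REQUIRED if key not in doc]
    # OIDC Discovery: issuer must equal the URL prefix the document came from.
    if doc.get("issuer") != fetched_from.rsplit("/.well-known/", 1)[0]:
        problems.append("issuer mismatch")
    for key in REQUIRED:
        if key in doc and urlsplit(doc[key]).scheme != "https":
            problems.append(f"{key} is not https")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow not advertised")
    return problems


def build_login_redirect(doc, client_id, redirect_uri):
    """URL that sends the user to the IdP login page, plus state and nonce."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    query = urlencode({
        "response_type": "code",
        "scope": "openid",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,   # compared on the callback to reject forged responses
        "nonce": nonce,   # compared with the nonce claim in the ID token
    })
    return f"{doc['authorization_endpoint']}?{query}", state, nonce
```

The application keeps `state` and `nonce` in the user's session and checks both when the user is redirected back with the authorization code.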

