[keycloak-user] Keycloak as an identity provider (either SAML or OpenID Connect)?

Виталий Ищенко betalb at gmail.com
Fri Jun 22 10:46:10 EDT 2018


It really is; you can even use one realm as an IdP for another realm within the
same KC when doing identity brokering.

On Fri, 22 Jun 2018 at 10:04, Rafael Weingärtner <rafaelweingartner at gmail.com> wrote:

> Thanks for the answer Stian.
>
> From my readings and testing, it looks like Keycloak is able to have
> “multiple IdPs inside itself”. I mean, it uses the idea of “realms”, and
> they can have different configurations. Therefore, for an external client
> (SP), each realm will look like a different IdP. At least, that is my
> feeling when I discovered the “OpenID Connect discovery URL” (
> http://localhost:8080/auth/realms/master/.well-known/openid-configuration
> ).
>
> On Thu, Jun 21, 2018 at 10:28 AM, Stian Thorgersen <sthorger at redhat.com>
> wrote:
>
> > Of course Keycloak can stand on its own. Brokering is just an additional
> > optional thing.
> >
> > On 21 Jun 2018 9:33 am, "Rafael Weingärtner" <rafaelweingartner at gmail.com> wrote:
> >
> > Hello, Keycloak community,
> >
> > I am evaluating Keycloak, and after some reading, I got the impression
> > that it supports OpenID Connect and SAML (which fits my requirement
> > exactly). However, after installing it, and digging a little deeper in the
> > configuration overview, I got confused.
> >
> > I have used OpenID Connect before with MITREid implementation. So, when I
> > install and configure MITREid IdP, it will be working as an IdP for my
> > federation. I understand that Keycloak can do identity brokering, which
> > is super nice, but what I wonder is the following. Is Keycloak prepared to
> > be an IdP out of the box with either SAML or OpenID Connect protocols? Or
> > does it depend on IdPs that implement those protocols to work?
> >
> > --
> > Rafael Weingärtner
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
> --
> Rafael Weingärtner


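The per-realm discovery URL mentioned in the quoted message, as an added example that is not part of the original thread: a client that treats each realm as a separate IdP should check that the `issuer` in the metadata it receives is exactly the realm URL it asked for. The `customers` realm, the sample documents and the rule that endpoints must sit under the realm URL are assumptions made for illustration; the `/auth/realms/<realm>` layout follows the URL in the thread.

```python
import json
from urllib.parse import quote

WELL_KNOWN = "/.well-known/openid-configuration"
# Subset of the metadata this hypothetical client needs, not the full required set.
NEEDED = ("authorization_endpoint", "token_endpoint", "jwks_uri")

def realm_issuer(base_url, realm):
    """Issuer a realm is expected to advertise (path layout taken from the thread)."""
    return f"{base_url.rstrip('/')}/auth/realms/{quote(realm, safe='')}"

def discovery_url(base_url, realm):
    return realm_issuer(base_url, realm) + WELL_KNOWN

def validate_metadata(expected_issuer, raw_json):
    """Return a list of problems; an empty list means the document is accepted."""
    try:
        doc = json.loads(raw_json)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["metadata is not a JSON object"]
    problems = []
    # OpenID Connect Discovery: issuer must exactly match the URL used for the request.
    if doc.get("issuer") != expected_issuer:
        problems.append(f"issuer mismatch: got {doc.get('issuer')!r}")
    for field in NEEDED:
        value = doc.get(field)
        if not isinstance(value, str) or not value:
            problems.append(f"missing {field}")
        # Assumption (local policy, stricter than the spec): endpoints live under the realm URL.
        elif not value.startswith(expected_issuer + "/"):
            problems.append(f"{field} is outside the realm: {value}")
    return problems

def sample_metadata(issuer, endpoint_base=None):
    """Constructed discovery document, trimmed to the fields checked above."""
    base = endpoint_base or issuer
    return json.dumps({
        "issuer": issuer,
        "authorization_endpoint": f"{base}/protocol/openid-connect/auth",
        "token_endpoint": f"{base}/protocol/openid-connect/token",
        "jwks_uri": f"{base}/protocol/openid-connect/certs",
    })

if __name__ == "__main__":
    master = realm_issuer("http://localhost:8080", "master")
    other = realm_issuer("http://localhost:8080", "customers")  # hypothetical realm
    print(discovery_url("http://localhost:8080", "master"))
    print(validate_metadata(master, sample_metadata(master)))  # accepted
    print(validate_metadata(master, sample_metadata(other)))   # rejected
```

In a real client the document would be fetched from `discovery_url(...)` over HTTPS and passed to `validate_metadata` before any endpoint in it is used.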