[keycloak-user] SaaS idp brokering

mj lists at merit.unu.edu
Tue Nov 13 04:23:59 EST 2018


Hi,

This question is slightly off-topic, I hope it's allowed to ask here.

We are using keycloak as an IdP, loving it. One of our sister institutes 
is using another (openid connect / saml2 compatible) IdP.

Now a new project: Trying to achieve web SSO across both institutes, for 
several web applications, mostly supporting only one single IdP.

We have made a PoC using keycloak's brokering function, and it worked 
nicely. However, our sister institute prefers a SaaS solution.

I've done my googling, but terminology is confusingly different:
- onelogin  ("trusted IdP")
- okta ("inbound federation")
- gluu ("inbound identity")
and obviously
- keycloak ("IdP brokering") (but not saas)

and I am not even sure that the above solutions are really the same as 
keycloak's IdP brokering, and that they would solve our SSO requirement. 
(doing a PoC would be the next step)

So I am asking for recommendations from the gurus here. What are the 
do's and don'ts for something like this? Perhaps suggestions what to look 
for, what to avoid, what other products to take a look at, etc, etc.

Insights?

Thanks very much in advance, and again: apologies for being a bit 
off-topic, hope not to offend anyone.

MJ

