[keycloak-user] SaaS idp brokering
mj
lists at merit.unu.edu
Mon Nov 19 09:44:07 EST 2018
Hi Dmitri,
Just to say thank you for your comments.
MJ
On 11/14/18 7:15 PM, Dmitry Telegin wrote:
>
> I used to work with PingIdentity (or rather on-premise PingFederate)
> and Okta, using SAML in both cases, and the results were perfect. For
> Okta, I'd recommend an excellent article by Michael Furman [1].
> Michael uses SAML too; don't know if you're going to use SAML or
> OpenID Connect, but in the latter case the process should be similar.
> Please read this [2] on the protocol choice.
>
> NB you can use whatever combination of protocols you like (OIDC at
> Keycloak + SAML at Saas IdP or vice versa), but probably unless
> you're seriously considering IdP-initiated login. In that case,
> things work more smoothly with pure SAML.
>
More information about the keycloak-user
mailing list