[keycloak-user] SAML Identity broker audience restriction condition checking

Georgi Matev georgi.matev at dominodatalab.com
Fri Sep 13 01:34:31 EDT 2019


A couple of questions:

  1.  Is there a way to disable the audience restriction checking in SAML identity brokering?

We have a use case where we have a SAML IdP that is able to accept requests from multiple URLs and we are trying to use it to federate access to several SPs backed by different Keycloak instances. Unfortunately the IdP is not able to change the AudienceRestriction attribute dynamically. If there is a way to disable the check in Keycloak that will unblock us.


  2.  Somewhat related, can a Keycloak SP process an assertion with an audience restriction that has multiple values?
The problem at https://access.redhat.com/solutions/4177341 (can’t see the solution) seems to imply that there is an issue.
Would test it myself but do not have a convenient way to set this up.

Thanks,
-Georgi
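Added example (editor's illustration, not part of Georgi's post and not Keycloak's own code): the SAML 2.0 Core specification (section 2.5.1.4) defines how a relying party is meant to evaluate the second question. Several `<saml:Audience>` values inside one `<saml:AudienceRestriction>` are alternatives (the restriction is satisfied if any one of them names the SP), while several `<saml:AudienceRestriction>` elements must all be satisfied. The snippet below implements exactly that rule over constructed assertion fragments; the entityIDs, the `_assertion` helper and the `require_restriction` knob are assumptions made for the example. It uses only the standard library, so it runs offline.

```python
"""Evaluate SAML 2.0 AudienceRestriction conditions for a service provider.

Added example, not code from the original mailing-list post or from Keycloak.
Semantics follow SAML 2.0 Core section 2.5.1.4:
  - within one <AudienceRestriction>, any matching <Audience> satisfies it;
  - when several <AudienceRestriction> elements exist, all must be satisfied.
"""
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical SP entityIDs for three Keycloak-backed SPs (constructed, not real).
SP_A = "https://kc-a.example.com/auth/realms/a"
SP_B = "https://kc-b.example.com/auth/realms/b"
SP_C = "https://kc-c.example.com/auth/realms/c"


def _assertion(conditions_body):
    """Wrap a <Conditions> body in a minimal, unsigned assertion (constructed sample)."""
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'ID="_example1" Version="2.0" IssueInstant="2019-09-13T05:34:31Z">'
        "<saml:Issuer>https://idp.example.com/idp</saml:Issuer>"
        "<saml:Conditions>" + conditions_body + "</saml:Conditions>"
        "</saml:Assertion>"
    )


def _restriction(*audiences):
    return (
        "<saml:AudienceRestriction>"
        + "".join("<saml:Audience>%s</saml:Audience>" % a for a in audiences)
        + "</saml:AudienceRestriction>"
    )


# One restriction listing two SPs: the IdP serves both SP_A and SP_B with one assertion.
ONE_RESTRICTION_TWO_AUDIENCES = _assertion(_restriction(SP_A, SP_B))
# Two restrictions: [SP_A or SP_B] AND [SP_B]; only SP_B satisfies both.
TWO_RESTRICTIONS = _assertion(_restriction(SP_A, SP_B) + _restriction(SP_B))
# No AudienceRestriction at all: the assertion does not restrict its audience.
NO_RESTRICTION = _assertion("")


def audience_restrictions(assertion_xml):
    """Return one list of Audience values per <AudienceRestriction> element."""
    root = ET.fromstring(assertion_xml)
    conditions = root.find("saml:Conditions", SAML_NS)
    if conditions is None:
        return []
    return [
        [(aud.text or "").strip() for aud in restriction.findall("saml:Audience", SAML_NS)]
        for restriction in conditions.findall("saml:AudienceRestriction", SAML_NS)
    ]


def audience_accepted(assertion_xml, sp_entity_id, require_restriction=True):
    """True if every AudienceRestriction names sp_entity_id among its Audience values.

    require_restriction (assumed SP policy, not a SAML requirement): when True, an
    assertion carrying no AudienceRestriction is rejected rather than treated as
    valid for every relying party.
    """
    restrictions = audience_restrictions(assertion_xml)
    if not restrictions:
        return not require_restriction
    return all(sp_entity_id in audiences for audiences in restrictions)


if __name__ == "__main__":
    for sp in (SP_A, SP_B, SP_C):
        print(sp, audience_accepted(ONE_RESTRICTION_TWO_AUDIENCES, sp),
              audience_accepted(TWO_RESTRICTIONS, sp))
```

The relevant security point for the first question: an SP that skips the audience check will accept any assertion the IdP ever signed, including one issued for a different SP, because the signature stays valid regardless of which SP presents it. Listing every SP's entityID as a separate `<saml:Audience>` inside one `<saml:AudienceRestriction>`, as in `ONE_RESTRICTION_TWO_AUDIENCES`, is the standards-conformant way for one IdP to serve several SPs without giving up that check.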



