<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 8.12.2014 21:32, Bellan Saravanan
wrote:<br>
</div>
<blockquote cite="mid:COL126-W51A866F80245915A5A2154B5640@phx.gbl"
type="cite">
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style>
<div dir="ltr">Hello,
<div><br>
</div>
<div>The latest release notes talk about multi tenant
enhancements like supporting multiple realms for a single
application. Is it possible for a realm to delegate the
authentication to a external identity provider like Ping or
Okta (using SAML or OpenID Connect) providing some kind of
identity federation. <br>
</div>
</div>
</blockquote>
The work on this is already in progress and hopefully will be in
next version.<br>
<br>
Marek<br>
<blockquote cite="mid:COL126-W51A866F80245915A5A2154B5640@phx.gbl"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>One of the requirements for our app is that one or more of
out tenants can use their own AD directory for authenticating
users into our service. Eventhough keycloak has support for
LDAP/AD, I'm not sure if customers will open up their
directory for direct connectivity from our cloud service into
their on premise AD. </div>
<div><br>
</div>
<div>Thanks,</div>
<div><br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</body>
</html>