<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div><span></span></div><div id="yui_3_16_0_1_1421930101327_2518" dir="ltr">That would be great. Thank you vey much Stian. Just&nbsp;to give you more background&nbsp;and provide you my wishlist for the short term. </div><div id="yui_3_16_0_1_1421930101327_2493" dir="ltr">1) Identity brokering that will help us authenticate against diff stores. One of them would be Kerberos (SPNEGO). </div><div id="yui_3_16_0_1_1421930101327_2510" dir="ltr">2) Customization of&nbsp;claims in both SAML as well OpenID Connect responses for each application (client) -similar to what ADFS provides today for SAML. It provides a GUI to choose the store as well as the attributes for each relying party and also to map those attribute names to different values (cn can be mapped to "Name" for one client and "Full Name" for another) which will be reflected in the claims sent to the relying party.</div><div id="yui_3_16_0_1_1421930101327_2529" dir="ltr">3) OpenID Connect Interop (Today some of the endpoints do not fully adhere to the Spec)</div><div id="yui_3_16_0_1_1421930101327_2494" dir="ltr"><br></div><div id="yui_3_16_0_1_1421930101327_2498" dir="ltr">I believe you have all the above requests in your queue for 1.2 release or later&nbsp;but would appreciate if you can squeeze them in the&nbsp;next cycle of binaries.</div><div id="yui_3_16_0_1_1421930101327_2687" dir="ltr"><br></div><div dir="ltr">Regards,</div><div id="yui_3_16_0_1_1421930101327_2688" dir="ltr">Raghu</div><div id="yui_3_16_0_1_1421930101327_2462" style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div id="yui_3_16_0_1_1421930101327_2461" style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div id="yui_3_16_0_1_1421930101327_2460" dir="ltr"> <hr size="1" id="yui_3_16_0_1_1421930101327_2482">  <font id="yui_3_16_0_1_1421930101327_2459" face="Arial" size="2"> <b><span style="font-weight: bold;">From:</span></b> Stian Thorgersen &lt;stian@redhat.com&gt;<br> <b><span style="font-weight: bold;">To:</span></b> Raghuram Prabhala &lt;prabhalar@yahoo.com&gt; <br><b><span style="font-weight: bold;">Cc:</span></b> Bill Burke &lt;bburke@redhat.com&gt;; keycloak-user@lists.jboss.org <br> <b><span style="font-weight: bold;">Sent:</span></b> Thursday, January 22, 2015 2:24 AM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [keycloak-user] Delegated SAML authentication?<br> </font> </div> <div class="y_msg_container" id="yui_3_16_0_1_1421930101327_2471"><br><br clear="none"><br clear="none">----- Original Message -----<br clear="none">&gt; From: "Raghuram Prabhala" &lt;<a href="mailto:prabhalar@yahoo.com" shape="rect" ymailto="mailto:prabhalar@yahoo.com">prabhalar@yahoo.com</a>&gt;<br clear="none">&gt; To: "Bill Burke" &lt;<a href="mailto:bburke@redhat.com" shape="rect" ymailto="mailto:bburke@redhat.com">bburke@redhat.com</a>&gt;<br clear="none">&gt; Cc: <a href="mailto:keycloak-user@lists.jboss.org" shape="rect" ymailto="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br clear="none">&gt; Sent: Wednesday, January 21, 2015 6:05:30 PM<br clear="none">&gt; Subject: Re: [keycloak-user] Delegated SAML authentication?<br clear="none">&gt; <br clear="none">&gt; Bill - identity brokering is something that we need today. Is it possible to<br clear="none">&gt; release an alpha or beta version of that functionality earlier than March so<br clear="none">&gt; that we can start integration work now? Unfortunately we can't build from<br clear="none">&gt; source and look for binaries from you.<br clear="none"><br clear="none">Once we have 1.1.0.Final released, which is hopefully this or next week, we should be able to release something.<br clear="none"><br clear="none">&gt; <br clear="none">&gt; Thanks<br clear="none">&gt; Raghu<br clear="none">&gt; <br clear="none">&gt; Sent from my iPhone<br clear="none">&gt; <br clear="none">&gt; &gt; On Jan 21, 2015, at 9:45 AM, Bill Burke &lt;<a href="mailto:bburke@redhat.com" shape="rect" ymailto="mailto:bburke@redhat.com">bburke@redhat.com</a>&gt; wrote:<br clear="none">&gt; &gt; <br clear="none">&gt; &gt; Pedro has it working in master.&nbsp; Won't be release until like March<br clear="none">&gt; &gt; though probably.<br clear="none">&gt; &gt; <br clear="none">&gt; &gt;&gt; On 1/21/2015 1:21 AM, Stian Thorgersen wrote:<br clear="none">&gt; &gt;&gt; <br clear="none">&gt; &gt;&gt; <br clear="none">&gt; &gt;&gt; ----- Original Message -----<br clear="none">&gt; &gt;&gt;&gt; From: "Guy Davis" &lt;<a href="mailto:guydavis.ca@gmail.com" shape="rect" ymailto="mailto:guydavis.ca@gmail.com">guydavis.ca@gmail.com</a>&gt;<br clear="none">&gt; &gt;&gt;&gt; To: <a href="mailto:keycloak-user@lists.jboss.org" shape="rect" ymailto="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br clear="none">&gt; &gt;&gt;&gt; Sent: Wednesday, 21 January, 2015 6:08:50 AM<br clear="none">&gt; &gt;&gt;&gt; Subject: [keycloak-user] Delegated SAML authentication?<br clear="none">&gt; &gt;&gt;&gt; <br clear="none">&gt; &gt;&gt;&gt; Good day,<br clear="none">&gt; &gt;&gt;&gt; <br clear="none">&gt; &gt;&gt;&gt; With the upcoming Keycloak 1.10, I see SAML support has been added to<br clear="none">&gt; &gt;&gt;&gt; KeyCloak. Will it be possible to have Keycloak delegate to another IDP<br clear="none">&gt; &gt;&gt;&gt; such<br clear="none">&gt; &gt;&gt;&gt; as MS Azure ADFS or OneLogin? Ideally, I'd like to use KeyCloak by<br clear="none">&gt; &gt;&gt;&gt; default<br clear="none">&gt; &gt;&gt;&gt; for our JBoss deployments, but in certain cases, customers are asking for<br clear="none">&gt; &gt;&gt;&gt; integration with the MS Azure cloud authentication mechanisms.<br clear="none">&gt; &gt;&gt; <br clear="none">&gt; &gt;&gt; It won't work for 1.1.0. We're working on that (identity brokering) for<br clear="none">&gt; &gt;&gt; 1.2.0 where you'll be able to delegate to external OpenID Connect or SAML<br clear="none">&gt; &gt;&gt; IdP's.<br clear="none">&gt; &gt;&gt; <br clear="none">&gt; &gt;&gt;&gt; <br clear="none">&gt; &gt;&gt;&gt; Thanks in advance,<br clear="none">&gt; &gt;&gt;&gt; Guy<br clear="none">&gt; &gt;&gt;&gt; <br clear="none">&gt; &gt;&gt;&gt; _______________________________________________<br clear="none">&gt; &gt;&gt;&gt; keycloak-user mailing list<br clear="none">&gt; &gt;&gt;&gt; <a href="mailto:keycloak-user@lists.jboss.org" shape="rect" ymailto="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br clear="none">&gt; &gt;&gt;&gt; <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank" shape="rect">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br clear="none">&gt; &gt;&gt; _______________________________________________<br clear="none">&gt; &gt;&gt; keycloak-user mailing list<br clear="none">&gt; &gt;&gt; <a href="mailto:keycloak-user@lists.jboss.org" shape="rect" ymailto="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br clear="none">&gt; &gt;&gt; <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank" shape="rect">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br clear="none">&gt; &gt; <br clear="none">&gt; &gt; --<br clear="none">&gt; &gt; Bill Burke<br clear="none">&gt; &gt; JBoss, a division of Red Hat<br clear="none">&gt; &gt; <a href="http://bill.burkecentral.com/" target="_blank" shape="rect">http://bill.burkecentral.com</a><div class="qtdSeparateBR"><br><br></div><div class="yqt9913080275" id="yqtfd62725"><br clear="none">&gt; &gt; _______________________________________________<br clear="none">&gt; &gt; keycloak-user mailing list<br clear="none">&gt; &gt; <a href="mailto:keycloak-user@lists.jboss.org" shape="rect" ymailto="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br clear="none">&gt; &gt; <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank" shape="rect">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br clear="none">&gt; <br clear="none">&gt; _______________________________________________<br clear="none">&gt; keycloak-user mailing list<br clear="none">&gt; <a href="mailto:keycloak-user@lists.jboss.org" shape="rect" ymailto="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br clear="none">&gt; <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank" shape="rect">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br clear="none">&gt; <br clear="none"></div><br><br></div> </div> </div>  </div></body></html>