<div dir="ltr">We don't have a token exchange facility, but we have support for authenticating with external IdPs through what we call identity brokering. It supports SAMLv2 IdPs only though.<div><br></div><div>We do have SPIs that let you customize/extend Keycloak. For your use-case I could think of two options:</div><div>1. Add a custom authenticator for direct grant flow that allows authenticating by passing a SAML v1.1 token - see <a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html">http://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html</a> for more info</div><div>2. Add a custom identity broker provider that allows users to login through an external SAMLv1.1 IdP</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 5 February 2016 at 10:52, Porfyrios Vasileiou <span dir="ltr"><<a href="mailto:porfyrios.vasileiou@gmail.com" target="_blank">porfyrios.vasileiou@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello, I have a project that includes 2 client applications. <br><br>In ONLY ONE of the clients(web application in angular) users login via a 3rd party authorization server that also has a login procedure where the user logs in and it returns an saml v1.1 xml token and then they can access the client. (This procedure cannot be changed) But i want this client to also be secured with keycloak so i can have a token that i can pass to my rest services that are also secured with keycloak.<br><br>Can i convert this saml v1.1 token to oauth2 via keycloak?<br><br>Once we have logged in I want to login this user to keycloak programmatically and get an oauth2 token instead that can be used for the rest services requests in the Bearer authentication header. How can i do this?<br><br>I also want to say that the keycloak is setup to use the same active directory that the 3rd party authorization server is using to authenticate the users.<br><br><div>Is this possible? <br><br>Thanks, Porfyrios</div></div>
<br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>