<html>

  <head>

    <meta content="text/html; charset=windows-1252"

      http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    <p>Currently an import is required.  On roadmap to import user only

      for duration of user session in memory.<br>

    </p>

    <br>

    <div class="moz-cite-prefix">On 9/21/16 7:18 PM, Adam Keily wrote:<br>

    </div>

    <blockquote

cite="mid:MEXPR01MB087017B4C1BE68B31BDB7D53CAF60@MEXPR01MB0870.ausprd01.prod.outlook.com"

      type="cite">

      <meta http-equiv="Content-Type" content="text/html;

        charset=windows-1252">

      <meta name="Generator" content="Microsoft Word 15 (filtered

        medium)">

      <style><!--

/* Font Definitions */

@font-face

        {font-family:"Cambria Math";

        panose-1:2 4 5 3 5 4 6 3 2 4;}

@font-face

        {font-family:Calibri;

        panose-1:2 15 5 2 2 2 4 3 2 4;}

/* Style Definitions */

p.MsoNormal, li.MsoNormal, div.MsoNormal

        {margin:0cm;

        margin-bottom:.0001pt;

        font-size:12.0pt;

        font-family:"Times New Roman",serif;}

a:link, span.MsoHyperlink

        {mso-style-priority:99;

        color:blue;

        text-decoration:underline;}

a:visited, span.MsoHyperlinkFollowed

        {mso-style-priority:99;

        color:purple;

        text-decoration:underline;}

p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph

        {mso-style-priority:34;

        margin-top:0cm;

        margin-right:0cm;

        margin-bottom:0cm;

        margin-left:36.0pt;

        margin-bottom:.0001pt;

        font-size:12.0pt;

        font-family:"Times New Roman",serif;}

p.msonormal0, li.msonormal0, div.msonormal0

        {mso-style-name:msonormal;

        mso-margin-top-alt:auto;

        margin-right:0cm;

        mso-margin-bottom-alt:auto;

        margin-left:0cm;

        font-size:12.0pt;

        font-family:"Times New Roman",serif;}

span.hoenzb

        {mso-style-name:hoenzb;}

span.EmailStyle19

        {mso-style-type:personal-reply;

        font-family:"Calibri",sans-serif;

        color:windowtext;}

.MsoChpDefault

        {mso-style-type:export-only;

        font-family:"Calibri",sans-serif;

        mso-fareast-language:EN-US;}

@page WordSection1

        {size:612.0pt 792.0pt;

        margin:72.0pt 72.0pt 72.0pt 72.0pt;}

div.WordSection1

        {page:WordSection1;}

/* List Definitions */

@list l0

        {mso-list-id:900557147;

        mso-list-type:hybrid;

        mso-list-template-ids:-74662532 201916431 201916441 201916443 201916431 201916441 201916443 201916431 201916441 201916443;}

@list l0:level1

        {mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-18.0pt;}

@list l0:level2

        {mso-level-number-format:alpha-lower;

        mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-18.0pt;}

@list l0:level3

        {mso-level-number-format:roman-lower;

        mso-level-tab-stop:none;

        mso-level-number-position:right;

        text-indent:-9.0pt;}

@list l0:level4

        {mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-18.0pt;}

@list l0:level5

        {mso-level-number-format:alpha-lower;

        mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-18.0pt;}

@list l0:level6

        {mso-level-number-format:roman-lower;

        mso-level-tab-stop:none;

        mso-level-number-position:right;

        text-indent:-9.0pt;}

@list l0:level7

        {mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-18.0pt;}

@list l0:level8

        {mso-level-number-format:alpha-lower;

        mso-level-tab-stop:none;

        mso-level-number-position:left;

        text-indent:-18.0pt;}

@list l0:level9

        {mso-level-number-format:roman-lower;

        mso-level-tab-stop:none;

        mso-level-number-position:right;

        text-indent:-9.0pt;}

ol

        {margin-bottom:0cm;}

ul

        {margin-bottom:0cm;}

--></style><!--[if gte mso 9]><xml>

<o:shapedefaults v:ext="edit" spidmax="1026" />

</xml><![endif]--><!--[if gte mso 9]><xml>

<o:shapelayout v:ext="edit">

<o:idmap v:ext="edit" data="1" />

</o:shapelayout></xml><![endif]-->

      <div class="WordSection1">

        <p class="MsoNormal"><span

style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US">Thanks

            Stian. Is it essential that a user is created in the

            Identity Broker?<o:p></o:p></span></p>

        <p class="MsoNormal"><span

style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

        <p class="MsoNormal"><span

style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US">e.g.<o:p></o:p></span></p>

        <p class="MsoNormal"><span

style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

        <p class="MsoListParagraph"

          style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span

style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US"><span

              style="mso-list:Ignore">1.<span style="font:7.0pt

                &quot;Times New Roman&quot;">      

              </span></span></span><!--[endif]--><span

style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US">SP

            directs the user to the broker for login<o:p></o:p></span></p>

        <p class="MsoListParagraph"

          style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span

style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US"><span

              style="mso-list:Ignore">2.<span style="font:7.0pt

                &quot;Times New Roman&quot;">      

              </span></span></span><!--[endif]--><span

style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US">User

            selects one of the identity providers at the broker<o:p></o:p></span></p>

        <p class="MsoListParagraph"

          style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span

style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US"><span

              style="mso-list:Ignore">3.<span style="font:7.0pt

                &quot;Times New Roman&quot;">      

              </span></span></span><!--[endif]--><span

style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US">Logs

            in to the IdP<o:p></o:p></span></p>

        <p class="MsoListParagraph"

          style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><!--[if !supportLists]--><span

style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US"><span

              style="mso-list:Ignore">4.<span style="font:7.0pt

                &quot;Times New Roman&quot;">      

              </span></span></span><!--[endif]--><span

style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US">Broker

            accepts the login and passes attributes / roles directly

            through to the SP without creating a new user in the broker

            db?<o:p></o:p></span></p>

        <p class="MsoNormal"><span

style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

        <p class="MsoNormal"><span

style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US">I’m

            trying to avoid ending up with multiple accounts in the

            broker IdP for the same user depending on which IdP they

            auth from.<o:p></o:p></span></p>

        <p class="MsoNormal"><span

style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></p>

        <p class="MsoNormal"><span

style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US">Thanks<o:p></o:p></span></p>

        <p class="MsoNormal"><span

style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US">Adam<o:p></o:p></span></p>

        <p class="MsoNormal"><a moz-do-not-send="true"

            name="_MailEndCompose"><span

style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif;mso-fareast-language:EN-US"><o:p> </o:p></span></a></p>

        <p class="MsoNormal"><b><span

              style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif"

              lang="EN-US">From:</span></b><span

            style="font-size:11.0pt;font-family:&quot;Calibri&quot;,sans-serif"

            lang="EN-US"> Stian Thorgersen [<a class="moz-txt-link-freetext" href="mailto:sthorger@redhat.com">mailto:sthorger@redhat.com</a>]

            <br>

            <b>Sent:</b> Wednesday, 21 September 2016 3:50 PM<br>

            <b>To:</b> Adam Keily <a class="moz-txt-link-rfc2396E" href="mailto:adam.keily@adelaide.edu.au">&lt;adam.keily@adelaide.edu.au&gt;</a><br>

            <b>Cc:</b> <a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>

            <b>Subject:</b> Re: [keycloak-user] Keycloak as IdP Proxy<o:p></o:p></span></p>

        <p class="MsoNormal"><o:p> </o:p></p>

        <div>

          <p class="MsoNormal">Yes, we call it identity brokering. See <a

              moz-do-not-send="true"

href="https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/identity-broker.html">https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/identity-broker.html</a><o:p></o:p></p>

        </div>

        <div>

          <p class="MsoNormal"><o:p> </o:p></p>

          <div>

            <p class="MsoNormal">On 21 September 2016 at 07:52, Adam

              Keily &lt;<a moz-do-not-send="true"

                href="mailto:adam.keily@adelaide.edu.au" target="_blank">adam.keily@adelaide.edu.au</a>&gt;

              wrote:<o:p></o:p></p>

            <blockquote style="border:none;border-left:solid #CCCCCC

              1.0pt;padding:0cm 0cm 0cm

              6.0pt;margin-left:4.8pt;margin-right:0cm">

              <div>

                <div>

                  <p class="MsoNormal"

                    style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Is

                    it possible to configure keycloak as an IdP proxy?<o:p></o:p></p>

                  <p class="MsoNormal"

                    style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

                  <p class="MsoNormal"

                    style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">e.g.

                    <a moz-do-not-send="true"

                      href="https://spaces.internet2.edu/display/GS/SAMLIdPProxy"

                      target="_blank">https://spaces.internet2.edu/display/GS/SAMLIdPProxy</a><o:p></o:p></p>

                  <p class="MsoNormal"

                    style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

                  <p class="MsoNormal"

                    style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">We’re

                    thinking about using two keycloak realms, one for

                    our institutional users and one for externally

                    registered users but some SP’s can only handle a

                    single IdP.<o:p></o:p></p>

                  <p class="MsoNormal"

                    style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

                  <p class="MsoNormal"

                    style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Any

                    thoughts appreciated.<o:p></o:p></p>

                  <p class="MsoNormal"

                    style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"> <o:p></o:p></p>

                  <p class="MsoNormal"

                    style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto">Regards<o:p></o:p></p>

                  <p class="MsoNormal"

                    style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span

                      style="color:#888888">Adam<o:p></o:p></span></p>

                </div>

              </div>

              <p class="MsoNormal"><br>

                _______________________________________________<br>

                keycloak-user mailing list<br>

                <a moz-do-not-send="true"

                  href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>

                <a moz-do-not-send="true"

                  href="https://lists.jboss.org/mailman/listinfo/keycloak-user"

                  target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><o:p></o:p></p>

            </blockquote>

          </div>

          <p class="MsoNormal"><o:p> </o:p></p>

        </div>

      </div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

keycloak-user mailing list

<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>

<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>

    </blockquote>

    <br>

  </body>

</html>