In theory that should work. The social login feature at the moment has only been tested
for OAuth and OAuth2 providers, so may need some tweaking for a SAML provider.
We're also assuming that a social provider is able to retrieve a basic user profile
(https://github.com/keycloak/keycloak/blob/master/social/google/src/main/j...),
but you could just return a username and require users to update their profile on first
social login ("Update profile on first social login" option on realm settings in
admin console).
In the future we plan to provide support for federation of authentication (other Keycloak
realms, SAML, LDAP, etc.), but this is a good way to get something working with what
Keycloak provides at the moment.
By the way, at the moment the admin console has a hard-coded list of social providers, but
in the next release this will be dynamic. So all you'd need is to add a jar that
implements the social provider SPI, and it will be available to configure for a realm
through the admin console.
----- Original Message -----
From: "Matt Casperson" <mcaspers(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Sunday, 2 February, 2014 8:56:48 PM
Subject: [keycloak-dev] SAML as social login?
If I am reading
https://github.com/keycloak/keycloak/blob/master/social/google/src/main/j...
correctly, the only thing needed for a Keycloak social login is a URL to a
login page that the user can be directed to when they are not logged in, and
to have that login page send back a response that Keycloak can use to verify
the user and get their details.
So if I had appropriate permissions to use
https://saml.redhat.com/idp/,
could that be added as a social login?
Regards
Matthew Casperson
RHCE, RHCJA # 111-072-237
Engineering Content Services
Brisbane, Australia
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev