I guess this would be interesting in the case where your federated IDP
didn't have role and session mgmt, single sign off, oauth/openid connect
support? Would Keycloak offer enough value add in this scenario?
On 2/4/2014 7:30 AM, Stian Thorgersen wrote:
In theory that should work. The social login feature at the moment
has only been tested for OAuth and OAuth2 providers, so may need some tweaking for a SAML
provider.
We're also assuming that a social provider is able to retrieve a basic user profile
(https://github.com/keycloak/keycloak/blob/master/social/google/src/main/j...),
but you could just return a username and require users to update their profile on first
social login ("Update profile on first social login" option on realm settings in
admin console).
In the future we plan to provide support for federation of authentication (other Keycloak
realms, SAML, LDAP, etc.), but this is a good way to get something working with what
Keycloak provides at the moment.
By the way, at the moment the admin console has a hard-coded list of social providers, but
in the next release this will be dynamic. So all you'd need is to add a jar that
implements the social provider SPI, and it will be available to configure for a realm
through the admin console.
----- Original Message -----
> From: "Matt Casperson" <mcaspers(a)redhat.com>
> To: keycloak-dev(a)lists.jboss.org
> Sent: Sunday, 2 February, 2014 8:56:48 PM
> Subject: [keycloak-dev] SAML as social login?
>
> If I am reading
> https://github.com/keycloak/keycloak/blob/master/social/google/src/main/j...
> correctly, the only thing needed for a Keycloak social login is a URL to a
> login page that the user can be directed to when they are not logged in, and
> to have that login page send back a response that Keycloak can use to verify
> the user and get their details.
>
> So if I had appropriate permissions to use
> https://saml.redhat.com/idp/,
> could that be added as a social login?
>
> Regards
>
> Matthew Casperson
> RHCE, RHCJA # 111-072-237
> Engineering Content Services
> Brisbane, Australia
>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev