From: "Bill Burke" <bburke(a)redhat.com>
To: keycloak-dev(a)lists.jboss.org
Sent: Tuesday, 4 February, 2014 3:26:49 PM
Subject: Re: [keycloak-dev] SAML as social login?
I guess this would be interesting in the case where your federated IDP
didn't have role and session mgmt, single sign off, oauth/openid connect
support? Would Keycloak offer enough value add in this scenario?

Anything to prevent users from having to maintain multiple usernames and
passwords is a good thing IMO.
On 2/4/2014 7:30 AM, Stian Thorgersen wrote:
> In theory that should work. The social login feature at the moment has only
> been tested for OAuth and OAuth2 providers, so may need some tweaking for
> a SAML provider.
>
> We're also assuming that a social provider is able to retrieve a basic user
> profile
> (https://github.com/keycloak/keycloak/blob/master/social/google/src/main/j...),
> but you could just return a username and require users to update their
> profile on first social login ("Update profile on first social login"
> option on realm settings in admin console).
>
> In the future we plan to provide support for federation of authentication
> (other Keycloak realms, SAML, LDAP, etc.), but this is a good way to get
> something working with what Keycloak provides at the moment.
>
> By the way at the moment the admin console has a hard-coded list of social
> providers, but in the next release this will be dynamic. So all you'd need
> is to add a jar that implements the social provider spi, and it will be
> available to configure it for a realm through the admin console.
>
> ----- Original Message -----
>> From: "Matt Casperson" <mcaspers(a)redhat.com>
>> To: keycloak-dev(a)lists.jboss.org
>> Sent: Sunday, 2 February, 2014 8:56:48 PM
>> Subject: [keycloak-dev] SAML as social login?
>>
>> If I am reading
>> https://github.com/keycloak/keycloak/blob/master/social/google/src/main/j...
>> correctly, the only thing needed for a Keycloak social login is a URL to a
>> login page that the user can be directed to when they are not logged in,
>> and to have that login page send back a response that Keycloak can use to
>> verify the user and get their details.
>>
>> So if I had appropriate permissions to use https://saml.redhat.com/idp/,
>> could that be added as a social login?
>>
>> Regards
>>
>> Matthew Casperson
>> RHCE, RHCJA # 111-072-237
>> Engineering Content Services
>> Brisbane, Australia
>>
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com