Hi all
First, thanks to all Keycloak committers and contributors. We like Keycloak very much and
have used it in many projects.
The documentation says that the "Token Exchange" [1] feature is in Technology
Preview only and the "External Token to Internal Token Exchange" [2] feature for
SAML identity providers is not supported but may be added.
In a customer project we have exactly the requirement to exchange a SAML v2 assertion
for a JWT. Because of that we are investigating implementing this feature either as a
project-specific solution or as a contribution.
As there is no SPI for this requirement, I guess a fork is necessary for changing the
method org.keycloak.protocol.oidc.endpoints.TokenEndpoint#tokenExchange, so that not only
subject tokens of type "urn:ietf:params:oauth:token-type:jwt" are accepted.
Any hints or tips on this topic are very welcome.
Best regards
Edwin
[1] file:///Users/esteiner/Documents/Github/Keycloak/keycloak-documentation/target/securing_apps/index.html#_token-exchange
[2] file:///Users/esteiner/Documents/Github/Keycloak/keycloak-documentation/target/securing_apps/index.html#external-token-to-internal-token-exchange
--
Edwin Steiner
Inventage AG | CH-8005 Zürich |
www.inventage.com
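Added example, not part of the post and not Keycloak's code: a stand-alone Python sketch of what the SAML branch of an RFC 8693 token-exchange endpoint has to do before it can hand out an internal JWT. RFC 8693 already defines the subject_token_type value `urn:ietf:params:oauth:token-type:saml2` for exactly this case, so the fork the post describes would mainly be a new branch on that value. The sketch dispatches on `subject_token_type`, checks the assertion's Issuer, Conditions (NotBefore/NotOnOrAfter, AudienceRestriction) and Subject/NameID, and mints an HS256 JWT with the standard library. It assumes the assertion's XML signature has already been verified against the configured IdP certificate (XML-DSig is not implemented here, and an unsigned or unverified assertion must never reach this code), and it does not keep a replay cache of assertion IDs. The sample assertion, issuer, realm URL and key are constructed for the example.

```python
"""Sketch of an RFC 8693 token exchange that accepts a SAML 2.0 assertion.

Illustration only; not Keycloak code. Assumption: the assertion's XML
signature was verified upstream, so this block only checks the content.
"""
import base64
import calendar
import hashlib
import hmac
import json
import time
import xml.etree.ElementTree as ET

GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange"
SAML2_TYPE = "urn:ietf:params:oauth:token-type:saml2"   # RFC 8693 section 3
JWT_TYPE = "urn:ietf:params:oauth:token-type:jwt"
SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not real IdP output). The <ds:Signature>
# element is omitted because signature verification is assumed to be done
# before this code runs.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_abc123" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.test/saml</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:55:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://keycloak.example.test/realms/demo</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _instant(value: str) -> int:
    # SAML timestamps are UTC; timegm avoids the local-time trap of mktime.
    return calendar.timegm(time.strptime(value, "%Y-%m-%dT%H:%M:%SZ"))


def mint_jwt(claims: dict, key: bytes) -> str:
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def decode_jwt(token: str, key: bytes) -> dict:
    header, payload, sig = token.split(".")
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url(expected), sig):
        raise ValueError("bad JWT signature")
    return json.loads(_b64url_decode(payload))


def validate_saml_subject_token(xml_text: str, trusted_issuer: str, audience: str, now: int) -> dict:
    """Content checks on an already signature-verified assertion."""
    root = ET.fromstring(xml_text)
    if root.tag != "{urn:oasis:names:tc:SAML:2.0:assertion}Assertion":
        raise ValueError("subject_token is not a SAML 2.0 Assertion")
    if root.findtext("saml:Issuer", namespaces=SAML_NS) != trusted_issuer:
        raise ValueError("assertion issuer is not a configured identity provider")
    cond = root.find("saml:Conditions", SAML_NS)
    if cond is None or cond.get("NotBefore") is None or cond.get("NotOnOrAfter") is None:
        raise ValueError("assertion has no usable Conditions")
    if not (_instant(cond.get("NotBefore")) <= now < _instant(cond.get("NotOnOrAfter"))):
        raise ValueError("assertion outside its validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", SAML_NS)]
    if audience not in audiences:
        raise ValueError("assertion was not issued for this realm")
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=SAML_NS)
    if not name_id:
        raise ValueError("assertion has no Subject/NameID")
    return {"sub": name_id, "saml_issuer": trusted_issuer, "saml_assertion_id": root.get("ID")}


def token_exchange(form: dict, *, signing_key: bytes, trusted_issuer: str, realm_url: str, now=None):
    """Handle one token-exchange request; returns (http_status, response_body)."""
    now = int(time.time()) if now is None else now
    if form.get("grant_type") != GRANT_TYPE:
        return 400, {"error": "unsupported_grant_type"}
    token_type = form.get("subject_token_type")
    # Only the SAML branch is shown; a real endpoint keeps its existing JWT branch.
    if token_type != SAML2_TYPE:
        return 400, {"error": "invalid_request", "error_description": f"unsupported subject_token_type {token_type}"}
    try:
        subject = validate_saml_subject_token(form.get("subject_token", ""), trusted_issuer, realm_url, now)
    except (ValueError, ET.ParseError) as exc:
        return 400, {"error": "invalid_request", "error_description": str(exc)}
    claims = {**subject, "iss": realm_url, "aud": form.get("audience", realm_url), "iat": now, "exp": now + 300}
    return 200, {"access_token": mint_jwt(claims, signing_key), "issued_token_type": JWT_TYPE,
                 "token_type": "Bearer", "expires_in": 300}
```

The checks above are the minimum; a production exchange additionally verifies the XML signature against the IdP's certificate before parsing anything else, rejects assertions whose ID has been seen before (assertions are bearer credentials and can be replayed within their validity window), and maps the NameID to a realm user rather than copying it straight into `sub`.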