Hi,
We would like to use keycloak as an identity broker in such a way that the identity
collected from the identity provider are not permanently stored, so to avoid a build-up of
identities stored on the broker.
Ideally, we would like:
· Keycloak, as identity broker to accept SAML assertion from one of several
identity providers
· To use (custom) authentication flows to normalise or transform some of the
attributes to create a new UserModel and consequentially a new SAML response back to the
service provider
· To not bring the UserModel (or any other personal details to rest in the
database), though we would accept storing just the unique ID of the user if we could avoid
storing other attributes, whilst still propagating them back to the service provider
· Ideally to make authorisation decisions based on groups or roles during the
process – and stopping the authentication if those fail
Leo
Show replies by date