Thanks Pedro,
I guess then that an alternative, and a very good solution, that Keycloak
provides is to integrate the same SAML provider (which is being used by the
3rd party app) with Keycloak, extract the SAML token from it and pass this
token on to the 3rd party app.
I followed the official doc:
https://www.keycloak.org/docs/4.5/server_admin/index.html#retrieving-exte...
After configuring the SAML provider, I turned on the Stored Tokens Readable
and Stored Tokens switches; however, I am still receiving
*"errorMessage": "Client [myApp] not authorized to retrieve tokens from
identity provider [saml1]."*
In the doc there is one more configuration step: "This access token will need
to have the broker client-level role read-token set", but I do not know where
to set this particular option. Any idea?
On Wed, Apr 17, 2019 at 5:30 PM Pedro Igor Silva <psilva(a)redhat.com> wrote:
If you want to exchange access/id tokens for SAML assertions, the token
exchange does not support SAML.
On Wed, Apr 17, 2019 at 4:48 AM Bruce Wings <testoauth55(a)gmail.com> wrote:
> I have successfully integrated a few of my apps with Keycloak (with OIDC
> tokens). However, there is a 3rd party app which works on SAML tokens. I am
> wondering whether it is possible to use my existing Keycloak system to send
> SAML tokens to this third party app?
> i.e. I want to use Keycloak as IdP and SP, generate SAML tokens and send
> them to this 3rd party app. Is this scenario even possible?
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
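A diagnostic for the "not authorized to retrieve tokens" error quoted in the top message, as an added example that is not part of the thread and not Keycloak's own code. It decodes the caller's access token locally to see whether the "broker" client role "read-token" is present in the resource_access claim, builds the external-IdP token endpoint URL (Keycloak 4.x "/auth" path prefix assumed, matching the 4.5 docs linked above), and classifies the endpoint's HTTP response. The realm "demo", client "myApp", provider alias "saml1", the KC_* environment variable names and the sample unsigned token are constructed values.

```python
"""Check why Keycloak's external-IdP token endpoint refuses a client.

Added example (not from the mailing list thread). The realm, client id,
provider alias, env var names and the sample token are all constructed.
"""
import base64
import json
import os
import urllib.error
import urllib.request

# Endpoint for retrieving a brokered identity provider's stored token.
# Keycloak 4.x layout with the "/auth" prefix is assumed here.
BROKER_TOKEN_PATH = "/auth/realms/{realm}/broker/{alias}/token"


def broker_token_url(base_url, realm, alias):
    """Build the external-IdP token endpoint URL for one provider alias."""
    return base_url.rstrip("/") + BROKER_TOKEN_PATH.format(realm=realm, alias=alias)


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_unsigned_jwt(claims):
    """Constructed sample token (alg=none, empty signature) for local inspection only."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


def jwt_claims(token):
    """Decode the payload of a compact JWT without verifying its signature.
    This inspects a token you already hold; it is not a validation step."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def has_broker_read_token(claims):
    """Keycloak emits client roles under resource_access.<client_id>.roles; the
    broker endpoint requires the 'read-token' role of the built-in 'broker' client."""
    roles = claims.get("resource_access", {}).get("broker", {}).get("roles", [])
    return "read-token" in roles


def classify_broker_response(status, body):
    """Map the endpoint's HTTP status and JSON body to a short diagnosis."""
    try:
        message = json.loads(body).get("errorMessage", "")
    except (ValueError, AttributeError, TypeError):
        message = ""
    if status == 200:
        return "ok"
    if status == 403 and "not authorized to retrieve tokens" in message:
        return "missing-read-token-role"  # role absent from the caller's access token
    if status == 401:
        return "invalid-or-missing-bearer-token"
    return "other-error"


def fetch_external_token(base_url, realm, alias, access_token):
    """Call the live endpoint with a bearer token; returns (status, body)."""
    req = urllib.request.Request(
        broker_token_url(base_url, realm, alias),
        headers={"Authorization": f"Bearer {access_token}", "Accept": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


if __name__ == "__main__":
    # Offline walk-through with a constructed token: first without the role, then with it.
    base = {"iss": "https://sso.example.com/auth/realms/demo", "azp": "myApp"}
    without = jwt_claims(make_unsigned_jwt(base))
    with_role = jwt_claims(make_unsigned_jwt(
        {**base, "resource_access": {"broker": {"roles": ["read-token"]}}}))
    print("read-token present:", has_broker_read_token(without), has_broker_read_token(with_role))
    # The 403 body from the thread, reproduced here as a constructed sample.
    sample_403 = ('{"errorMessage": "Client [myApp] not authorized to retrieve tokens '
                  'from identity provider [saml1]."}')
    print(classify_broker_response(403, sample_403))
    # Live call only when the assumed KC_* variables are set.
    if os.environ.get("KC_BASE_URL") and os.environ.get("KC_ACCESS_TOKEN"):
        status, body = fetch_external_token(
            os.environ["KC_BASE_URL"], os.environ.get("KC_REALM", "demo"),
            os.environ.get("KC_IDP_ALIAS", "saml1"), os.environ["KC_ACCESS_TOKEN"])
        print(status, classify_broker_response(status, body))
```

If has_broker_read_token reports False on a real token, two things determine whether the claim appears: the role must be mapped to the user (directly, through a group, or as part of a composite role), and it must be within the calling client's scope. A client with "Full Scope Allowed" switched off needs a scope mapping for the broker client's read-token role before Keycloak will put it into that client's tokens.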