7:22 a.m.
That would be great. Thank you vey much Stian. Just to give you more background and
provide you my wishlist for the short term. 1) Identity brokering that will help us
authenticate against diff stores. One of them would be Kerberos (SPNEGO). 2) Customization
of claims in both SAML as well OpenID Connect responses for each application (client)
-similar to what ADFS provides today for SAML. It provides a GUI to choose the store as
well as the attributes for each relying party and also to map those attribute names to
different values (cn can be mapped to "Name" for one client and "Full
Name" for another) which will be reflected in the claims sent to the relying party.3)
OpenID Connect Interop (Today some of the endpoints do not fully adhere to the Spec)
I believe you have all the above requests in your queue for 1.2 release or later but would
appreciate if you can squeeze them in the next cycle of binaries.
Regards,Raghu From: Stian Thorgersen <stian(a)redhat.com>
To: Raghuram Prabhala <prabhalar(a)yahoo.com>
Cc: Bill Burke <bburke(a)redhat.com>; keycloak-user(a)lists.jboss.org
Sent: Thursday, January 22, 2015 2:24 AM
Subject: Re: [keycloak-user] Delegated SAML authentication?
----- Original Message -----
From: "Raghuram Prabhala" <prabhalar(a)yahoo.com>
To: "Bill Burke" <bburke(a)redhat.com>
Cc: keycloak-user(a)lists.jboss.org
Sent: Wednesday, January 21, 2015 6:05:30 PM
Subject: Re: [keycloak-user] Delegated SAML authentication?
Bill - identity brokering is something that we need today. Is it possible to
release an alpha or beta version of that functionality earlier than March so
that we can start integration work now? Unfortunately we can't build from
source and look for binaries from you.
Once we have 1.1.0.Final released, which is hopefully this or next week, we should be able
to release something.
Thanks
Raghu
Sent from my iPhone
> On Jan 21, 2015, at 9:45 AM, Bill Burke <bburke(a)redhat.com> wrote:
>
> Pedro has it working in master. Won't be release until like March
> though probably.
>
>> On 1/21/2015 1:21 AM, Stian Thorgersen wrote:
>>
>>
>> ----- Original Message -----
>>> From: "Guy Davis" <guydavis.ca(a)gmail.com>
>>> To: keycloak-user(a)lists.jboss.org
>>> Sent: Wednesday, 21 January, 2015 6:08:50 AM
>>> Subject: [keycloak-user] Delegated SAML authentication?
>>>
>>> Good day,
>>>
>>> With the upcoming Keycloak 1.10, I see SAML support has been added to
>>> KeyCloak. Will it be possible to have Keycloak delegate to another IDP
>>> such
>>> as MS Azure ADFS or OneLogin? Ideally, I'd like to use KeyCloak by
>>> default
>>> for our JBoss deployments, but in certain cases, customers are asking for
>>> integration with the MS Azure cloud authentication mechanisms.
>>
>> It won't work for 1.1.0. We're working on that (identity brokering) for
>> 1.2.0 where you'll be able to delegate to external OpenID Connect or SAML
>> IdP's.
>>
>>>
>>> Thanks in advance,
>>> Guy
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user