Re: [keycloak-user] How do I integrate with a SAML federation

Hi Stephen, Was just browsing past threads. You’ve probably solved it by now but hopefully this helps others! We are using a SATOSA proxy to integrate with eduGAIN, which acts as an Identity Provider to our Keycloak instance: https://github.com/IdentityPython/SATOSA In addition we use PyFF to handle the metadata: https://github.com/IdentityPython/pyFF The benefit of using these tools is because they are maintained by the eduGAIN community and natively support many of the quirks found in Identity Federations (both technically and in terms of trust and policy). Cheers, Hannah > On 17 Jun 2019, at 14:48, BOOTH Stephen <s.booth(a)epcc.ed.ac.uk > <mailto:s.booth@epcc.ed.ac.uk>> wrote: > > I'm wanting configure keycloak to use authenticate against a SAML > federation (externally curated set of IdPs) rather than a single SAML > IdP. Specifically I want to support EduGAIN. > > Is this something that keycloak supports natively? The form for > configuring a SAML Identity provider appears to assume a single IdP. > > If not, does anyone have any suggestions for the best approach to > bridging a shibboleth SP into something keycloak can use as an Identity > provider. > > Stephen > > -- > ====================================================================== > |epcc| Dr Stephen P Booth             Principal Architect       |epcc| > |epcc| s.booth(a)epcc.ed.ac.uk <mailto:s.booth@epcc.ed.ac.uk> >          Phone 0131 650 5746       |epcc| > ====================================================================== > -- > The University of Edinburgh is a charitable body, registered in > Scotland, with registration number SC005336. > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org> > https://lists.jboss.org/mailman/listinfo/keycloak-user