Hello MJ,
Quick question: do you plan to decommission both your Keycloak and your sister institute's
IdP, and migrate everything to a SaaS IdP? Or do you want both your IdPs to broker to SaaS? Or
is your sister institute going to migrate to a SaaS IdP, and you have to broker to it from
your Keycloak?
All the options are viable and will do the job. As always, each has benefits and
drawbacks.
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
On Tue, 2018-11-13 at 10:23 +0100, mj wrote:
Hi,
This question is slightly off-topic, I hope it's allowed to ask here.
We are using Keycloak as an IdP, loving it. One of our sister institutes
is using another (OpenID Connect / SAML2 compatible) IdP.
Now a new project: Trying to achieve web SSO across both institutes, for
several web applications, mostly supporting only one single IdP.
We have made a PoC using Keycloak's brokering function, and it worked
nicely. However, our sister institute prefers a SaaS solution.
I've done my googling, but terminology is confusingly different:
- OneLogin ("trusted IdP")
- Okta ("inbound federation")
- Gluu ("inbound identity")
and obviously
- Keycloak ("IdP brokering") (but not SaaS)
and I am not even sure that the above solutions are really the same as
Keycloak's IdP brokering, and that they would solve our SSO requirement.
(doing a PoC would be the next step)
So I am asking for recommendations from the gurus here. What are the
do's and don'ts for something like this? Perhaps suggestions on what to look
for, what to avoid, what other products to take a look at, etc.
Insights?
Thanks very much in advance, and again: apologies for being a bit
off-topic, hope not to offend anyone.
MJ
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user