It really is, you can even use one realm as an IdP for another realm within the
same KC when doing identity brokering.
On Fri, 22 Jun 2018 at 10:04, Rafael Weingärtner <rafaelweingartner(a)gmail.com> wrote:
Thanks for the answer Stian.
From my readings and testing, it looks like Keycloak is able to have
“multiple IdPs inside itself”. I mean, it uses the idea of “realms”, and
they can have different configurations. Therefore, for an external client
(SP), each realm will look like a different IdP. At least, that is my
feeling when I discovered the “OpenID Connect discovery URL” (
http://localhost:8080/auth/realms/master/.well-known/openid-configuration
).
On Thu, Jun 21, 2018 at 10:28 AM, Stian Thorgersen <sthorger(a)redhat.com>
wrote:
> Of course Keycloak can stand on its own. Brokering is just an additional
> optional thing.
>
> On 21 Jun 2018 9:33 am, "Rafael Weingärtner" <rafaelweingartner(a)gmail.com>
> wrote:
>
> Hello, Keycloak community,
>
> I am evaluating Keycloak, and after some reading, I got the impression that
> it supports OpenID Connect and SAML (which fits my requirement exactly).
> However, after installing it, and digging a little deeper in the
> configuration overview, I got confused.
>
> I have used OpenID Connect before with the MITREid implementation. So, when I
> install and configure the MITREid IdP, it will be working as an IdP for my
> federation. I understand that Keycloak can do identity brokering, which is
> super nice, but what I wonder is the following. Is Keycloak prepared to be
> an IdP out of the box with either SAML or OpenID Connect protocols? Or
> does it depend on IdPs that implement those protocols to work?
>
> --
> Rafael Weingärtner
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
--
Rafael Weingärtner
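
The per-realm discovery URL mentioned in the thread can be checked from the relying party's side; the following is an added example, not part of the original messages and not Keycloak code. It assumes the URL layout quoted above and the `protocol/openid-connect` endpoint paths; the realm name `demo`, the function names and the sample documents are constructed for illustration.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Subset of the metadata OpenID Connect Discovery marks as required.
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def realm_issuer(base_url, realm):
    """Issuer a realm should announce, following the URL layout in the thread."""
    return f"{base_url.rstrip('/')}/realms/{realm}"


def discovery_url(base_url, realm):
    return realm_issuer(base_url, realm) + WELL_KNOWN


def check_discovery(base_url, realm, doc):
    """Return the problems found in one realm's discovery document."""
    expected = realm_issuer(base_url, realm)
    problems = [f"missing {k}" for k in REQUIRED if k not in doc]
    # Discovery requires the announced issuer to equal the one we asked for.
    if doc.get("issuer") != expected:
        problems.append(f"issuer {doc.get('issuer')!r} != {expected!r}")
    # Endpoints of one realm must not point into another realm or host.
    for key, value in sorted(doc.items()):
        if (key.endswith("_endpoint") or key == "jwks_uri") and \
                not str(value).startswith(expected + "/"):
            problems.append(f"{key} outside realm")
    url = urlsplit(expected)
    if url.scheme != "https" and url.hostname not in ("localhost", "127.0.0.1"):
        problems.append("issuer is not https")
    return problems


def sample_doc(base_url, realm):
    """Constructed document shaped like a realm's discovery response."""
    oidc = realm_issuer(base_url, realm) + "/protocol/openid-connect"
    return {"issuer": realm_issuer(base_url, realm),
            "authorization_endpoint": oidc + "/auth",
            "token_endpoint": oidc + "/token",
            "jwks_uri": oidc + "/certs"}


BASE = "http://localhost:8080/auth"          # base URL from the thread
if __name__ == "__main__":
    for realm in ("master", "demo"):         # "demo" is a hypothetical realm
        print(discovery_url(BASE, realm), check_discovery(BASE, realm, sample_doc(BASE, realm)))
    # A client configured for "demo" that is handed master's document:
    print(check_discovery(BASE, "demo", sample_doc(BASE, "master")))
```

Because every realm is its own issuer, a client set up for one realm should reject metadata or tokens that name another realm, even though both come from the same Keycloak server.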