Hello Everyone,
We would like to set up two (or more) Keycloak systems (in different, remote locations)
and would like to establish something like mutual trust between them using Identity
Brokering. For two IdPs A and B, each of the two should have their own accounts and should
be set up to broker to the other IdP, e.g. via 'Keycloak OpenID Connect'. This
would have the advantage that a client of A could be used by a user of B and vice versa.
Is this something that
* Definitely works
* Works, but with pitfalls ...
* Should work
* Doesn't work, because ...
An interesting situation may be if a user tries to use a client and is redirected to IdP A,
where he then clicks on "Authenticate via IdP B", where he then clicks on
"Authenticate via IdP A", where he then clicks on "Authenticate via IdP
B" and so on. Can this be avoided?
Thanks,
Michael