Thanks for the answer, Stian.
From my readings and testing, it looks like Keycloak is able to have
“multiple IdPs inside itself”. I mean, it uses the idea of “realms”, and
they can have different configurations. Therefore, for an external client
(SP), each realm will look like a different IdP. At least, that is my
feeling when I discovered the “OpenID Connect discovery URL” (
http://localhost:8080/auth/realms/master/.well-known/openid-configuration).
On Thu, Jun 21, 2018 at 10:28 AM, Stian Thorgersen <sthorger(a)redhat.com> wrote:
Of course Keycloak can stand on its own. Brokering is just an additional
optional thing.
On 21 Jun 2018 9:33 am, "Rafael Weingärtner" <rafaelweingartner(a)gmail.com> wrote:
Hello, Keycloak community,
I am evaluating Keycloak, and after some reading, I got the impression that
it supports OpenID Connect and SAML (which fits my requirement exactly).
However, after installing it, and digging a little deeper in the
configuration overview, I got confused.
I have used OpenID Connect before with the MITREid implementation. So, when I
install and configure MITREid IdP, it will be working as an IdP for my
federation. I understand that Keycloak can do identity brokering, which is
super nice, but what I wonder is the following. Is Keycloak prepared to be
an IdP out of the box with either SAML or OpenID Connect protocols? Or
does it depend on IdPs that implement those protocols to work?
--
Rafael Weingärtner
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Rafael Weingärtner
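
An added example, not part of the original thread or of Keycloak's own code: a relying party treating each realm as its own IdP should check that the `issuer` in a realm's discovery document matches the URL it was fetched from, as OpenID Connect Discovery requires. The realm name `demo` and the metadata documents are constructed for illustration; only the `master` discovery URL comes from the thread.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
BASE = "http://localhost:8080/auth/realms"  # host and path taken from the URL in the thread


def expected_issuer(discovery_url):
    """OIDC Discovery: the issuer is the discovery URL minus the well-known suffix."""
    if not discovery_url.endswith(WELL_KNOWN):
        raise ValueError("not an OpenID Connect discovery URL")
    return discovery_url[: -len(WELL_KNOWN)]


def validate_discovery(discovery_url, document):
    """Return a list of problems; an empty list means the metadata is consistent."""
    issuer = expected_issuer(discovery_url)
    problems = []
    if document.get("issuer") != issuer:
        problems.append("issuer mismatch")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        value = document.get(key)
        if not value:
            problems.append(f"missing {key}")
        elif urlsplit(value).netloc != urlsplit(issuer).netloc:
            problems.append(f"{key} on unexpected host")
    return problems


def constructed_document(realm):
    """Constructed sample metadata for one realm (not captured from a server)."""
    root = f"{BASE}/{realm}"
    oidc = f"{root}/protocol/openid-connect"
    return {
        "issuer": root,
        "authorization_endpoint": f"{oidc}/auth",
        "token_endpoint": f"{oidc}/token",
        "jwks_uri": f"{oidc}/certs",
    }


if __name__ == "__main__":
    for realm in ("master", "demo"):  # "demo" is a hypothetical second realm
        url = f"{BASE}/{realm}{WELL_KNOWN}"
        print(realm, validate_discovery(url, constructed_document(realm)))
    # Metadata from one realm must not be accepted for another realm's URL.
    print(validate_discovery(f"{BASE}/demo{WELL_KNOWN}", constructed_document("master")))
```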