I was concerned you might suggest that :). While a valid option, it unfortunately would
require me to add hundreds of custom InCommon providers for our customers to handle the
user property mappings. Not to mention many customer build systems.
Our company has an in-company customer onboarding and integrations team that has chosen Ping
to handle this part of the handshake and would like to hand off a SAML 2 token to Keycloak.
Most of them do not like the idea of exposing internal requests into their systems
and would prefer to have the login start internally. Additionally, I would need to brand
every login page within Keycloak.
Thoughts?
On Dec 21, 2016, at 10:32 PM, Stian Thorgersen <sthorger@redhat.com> wrote:
Why not just register the customer IdPs directly with Keycloak using identity brokering?
On 22 December 2016 at 02:27, Dana Danet <Dana.Danet@evisions.com> wrote:
Thank you for responding, and I apologize if my question was misleading; let me try
again.
My requirement is to support an SSO IdM/IdP for customers without their own system, ideally
in a multi-tenant way, and to support SSO for customers that have on-premise SSO
implementations, most of which are InCommon.
We have decided to implement Ping as an SP to handshake with the on-premise (InCommon)
customers, since these integration points could be more than just InCommon. My thought is
that Ping will accept the authN, translate the properties to a grant (SAML2) and forward
to Keycloak to create the JWT. I attached an image reflecting this below.
My question is how I would register within Keycloak that AuthN would be handled by Ping,
and how to create a JWT.
On Dec 15, 2016, at 11:41 PM, Stian Thorgersen <sthorger@redhat.com> wrote:
Not quite sure what you're asking here, as there seem to be 3 IdPs: Customer IdP, Ping
and Keycloak?
On 14 December 2016 at 17:25, Dana Danet <Dana.Danet@evisions.com> wrote:
I just recently introduced KC to a Spring Cloud micro-service environment as the IDM and
OAuth manager of JWT tokens. Front-end clients are implementing the JavaScript adapter
and backend Spring Boot services are implemented with the Spring Security adapter (not the
Boot adapter). Our Service Gateway (Zuul) simply passes the token to backend services.
My question is regarding offloading AuthN and IDP to external systems and then
brokering to Keycloak for JWT creation. Which would look something like
(Customer on-premise AuthN) -> Ping -> Keycloak. Ping has been introduced
purely as an SP to handle customers' implementations of Shibboleth and InCommon. Initially
I was thinking that the IDP - Ping SP mapping is all done via Ping and then a canonical SAML
exchange to Keycloak.
Is this possible? I would appreciate some guidance here.
-dana
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user
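To make Stian's identity-brokering suggestion concrete for the (Customer IdP) -> Ping -> Keycloak chain discussed in this thread, here is an added example; it is not from any message above and is not Keycloak's or Ping's own configuration. It is a Keycloak realm-import fragment that registers Ping as a brokered SAML 2.0 identity provider, maps attributes from Ping's assertion onto the Keycloak user, and exposes one of them as a claim in the OIDC access token (the JWT the Spring services consume). The realm name, client id, Ping SSO URL, signing certificate, attribute names and role name are all placeholders; which attributes actually arrive depends on what Ping releases after it has translated the upstream InCommon assertion.

```json
{
  "realm": "customer-a",
  "roles": {
    "realm": [
      { "name": "customer-staff" }
    ]
  },
  "identityProviders": [
    {
      "alias": "ping",
      "displayName": "Ping (InCommon bridge)",
      "providerId": "saml",
      "enabled": true,
      "trustEmail": true,
      "storeToken": false,
      "addReadTokenRoleOnCreate": false,
      "firstBrokerLoginFlowAlias": "first broker login",
      "config": {
        "singleSignOnServiceUrl": "https://ping.example.com/idp/SSO.saml2",
        "nameIDPolicyFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
        "validateSignature": "true",
        "signingCertificate": "MIIC...PLACEHOLDER-PING-SIGNING-CERT...",
        "wantAuthnRequestsSigned": "true",
        "postBindingAuthnRequest": "true",
        "postBindingResponse": "true",
        "forceAuthn": "false"
      }
    }
  ],
  "identityProviderMappers": [
    {
      "name": "mail to email",
      "identityProviderAlias": "ping",
      "identityProviderMapper": "saml-user-attribute-idp-mapper",
      "config": {
        "attribute.name": "mail",
        "user.attribute": "email"
      }
    },
    {
      "name": "eduPersonPrincipalName to eppn",
      "identityProviderAlias": "ping",
      "identityProviderMapper": "saml-user-attribute-idp-mapper",
      "config": {
        "attribute.name": "eduPersonPrincipalName",
        "user.attribute": "eppn"
      }
    },
    {
      "name": "staff affiliation to customer-staff role",
      "identityProviderAlias": "ping",
      "identityProviderMapper": "saml-role-idp-mapper",
      "config": {
        "attribute.name": "eduPersonAffiliation",
        "attribute.value": "staff",
        "role": "customer-staff"
      }
    }
  ],
  "clients": [
    {
      "clientId": "spring-gateway",
      "protocol": "openid-connect",
      "publicClient": false,
      "protocolMappers": [
        {
          "name": "eppn claim",
          "protocol": "openid-connect",
          "protocolMapper": "oidc-usermodel-attribute-mapper",
          "config": {
            "user.attribute": "eppn",
            "claim.name": "eppn",
            "jsonType.label": "String",
            "id.token.claim": "true",
            "access.token.claim": "true"
          }
        }
      ]
    }
  ]
}
```

A few points on how this fits the thread. Keycloak publishes SP metadata for the broker at `/auth/realms/customer-a/broker/ping/endpoint/descriptor`, which is what gets registered on the Ping side, so the Ping-to-Keycloak hop is one SAML integration no matter how many customer IdPs sit behind Ping; the per-customer InCommon attribute mapping then lives in Ping, and only the canonical attributes Ping emits need mappers in Keycloak. `validateSignature` set to `true` with Ping's certificate pinned means Keycloak accepts assertions only from that one trusted source, which is the control that makes the chain safe: Ping is now an assertion issuer for every customer, so its own upstream trust configuration deserves the same scrutiny as an IdP. For the concern that login should start internally rather than on a Keycloak page, an OIDC client can add `kc_idp_hint=ping` to its authorization request, and Keycloak redirects straight to the broker without rendering its own login form. For multi-tenancy, either one realm per customer (as here) or one identity-provider alias per customer in a shared realm works; the former keeps token issuers, branding and role namespaces separate, the latter keeps a single JWT issuer for the gateway.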