Yes --- looking for similar....
KeyCloak is the OIDC Identity Provider --- Applications integrate against
KeyCloak via OIDC --- users would authenticate directly against login page
on KeyCloak - redirected back to SP.....ala Google login process to
Stackoverflow (however in this case KeyCloak is the IDP for our
organization's login/password).
If there are steps that can describe how above can be configured will be
much appreciated.
On Thu, Sep 14, 2017 at 3:04 AM, Anton <kurrent93(a)gmail.com> wrote:
I cant speak for OP, but it sounds like a question I asked a while
ago:
I'm looking to build an application ( identity provider) that will have
user accounts. So, where as the typical example is a user links their
Facebook, or LinkedIn account to a Keycloak account. Im interested in
making an Identity Provider - comparable to Facebook, LinkedIn - interns of
supporting the OIDC protocol - so that user can link these accounts.
Users then should then be able to link their account to a parent account.
I have been reading
http://www.keycloak.org/docs/3.1/server_
development/topics/identity-brokering/account-linking.html and see that
this is possible.
I have a few questions. On the docs it says:
> The application must already be logged in as an existing user via the
OIDC
> protocol
>
How does an application login as a user?
Does this mean the user must be logged into the Identity provider
application?
Am I correct in assuming the Identity Provider application needs to
implement the OIDC Protocol? Is this something Keycloak can do? Are there
any examples of this?
On 14 September 2017 at 21:29, Simon Payne <simonpayne58(a)gmail.com> wrote:
> I think the OP is referring to identity brokering where keycloak is used
to
> broker other identity providers which follow the OIDC protocol. One of
> these brokered identity provider can be another keycloak server.
>
> On Thu, Sep 14, 2017 at 10:16 AM, Sebastien Blanc <sblanc(a)redhat.com>
> wrote:
>
> > As Stian said , KC is already a OIDC Idp, nothing to do here. Once your
> > realm has been created, you can see the OIDC endpoints here :
> >
> > /auth/realms/your_realm/.well-known/openid-configuration
> >
> > Or was this not the question ?
> >
> > Sebi
> >
> > On Thu, Sep 14, 2017 at 12:15 AM, Anton <kurrent93(a)gmail.com> wrote:
> >
> > > I'm also interested in this.
> > > If I understand OPs question correctly, he wants to know how to be an
> > > Identity Provider that supports OIDC Protocol.
> > >
> > > For example - in the section on User initiated linked accounts - the
> > > example is that the user links their Facebook account. How to create
an
> > > equivalent, OIDC-ly speaking, of Facebook?
> > >
> > > On 13 September 2017 at 15:41, Stian Thorgersen <sthorger(a)redhat.com
>
> > > wrote:
> > >
> > > > What are you actually trying to do? Keycloak is an OIDC IDP
> > > >
> > > > On 12 September 2017 at 17:59, Y Levine <ylevine20(a)gmail.com>
wrote:
> > > >
> > > > > I have read
> > > > >
http://www.keycloak.org/docs/3.2/securing_apps/topics/oidc/
> > > > > oidc-overview.html
> > > > >
> > > > > I may have misread as it appears to list connectors to
KeyCloak's
> > OIDC
> > > > > ....but how do we configure KeyCloak to be the OIDC IdP?
> > > > > _______________________________________________
> > > > > keycloak-user mailing list
> > > > > keycloak-user(a)lists.jboss.org
> > > > >
https://lists.jboss.org/mailman/listinfo/keycloak-user
> > > > >
> > > > _______________________________________________
> > > > keycloak-user mailing list
> > > > keycloak-user(a)lists.jboss.org
> > > >
https://lists.jboss.org/mailman/listinfo/keycloak-user
> > > >
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user(a)lists.jboss.org
> > >
https://lists.jboss.org/mailman/listinfo/keycloak-user
> > >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> >
https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user