A long time ago, I did the integration
of PicketLink with Google Apps, which is documented here:
https://docs.jboss.org/author/display/PLINK/Picketlink+as+IDP,+Google+Apps+as+SP
Some steps might be outdated, but hopefully most of them are
still applicable and can be (maybe with some tweaks) applied to
Keycloak as well, especially the part about configuring the Google
side. I have not tried it in practice with Keycloak yet, but I think
that you may want to:
- Use a clientId like "google.com/a/yourdomain.com"
  for your client, where yourdomain.com is your Google Apps domain
- Select "Sign assertions" so Google Apps will verify the
  signature on the assertion with the realm key you uploaded
Other options can probably be kept at their defaults (not 100% sure, as
I didn't try it myself yet)
Marek
On 25/11/15 10:42, Thomas Schweizer-Bolzonello wrote: