Thank you for responding, and I apologize if my question was misleading; let me try
again.
My requirement is to support an SSO IdM/IdP for customers without their own system, ideally
in a multi-tenant way, and to support SSO for customers that have on-premise SSO
implementations, most of which are InCommon.
We have decided to implement Ping as an SP to handshake with the on-premise (InCommon)
customers. Since these integration points could be more than just InCommon. My thought is
that Ping will accept the authN, translate the properties to a grant (SAML2) and forward
to Keycloak to create the JWT. I attached an image reflecting this below.
My question is how would I register within Keycloak that AuthN would be handled by Ping,
and to create a JWT.
On Dec 15, 2016, at 11:41 PM, Stian Thorgersen <sthorger@redhat.com> wrote:
Not quite sure what you're asking here as there seems to be 3 IdPs? Customer IdP, Ping
and Keycloak?
On 14 December 2016 at 17:25, Dana Danet <Dana.Danet@evisions.com> wrote:
I just recently introduced KC to a Spring Cloud micro-service environment as the IDM and
OAuth manager of JWT tokens. Front end clients are implementing the JavaScript adapter
and backend Spring Boot services are implemented with the Spring Security adapter (not
boot adapter). Our Service Gateway (Zuul) simply passes the token to backend services.
My question is regarding offloading AuthN and IDP to external systems and then
brokering to Keycloak for JWT creation. Which would look something like
(Customer on-premise AuthN) -> Ping -> Keycloak. Ping has been introduced
purely as an SP to handle customers' implementations of Shibboleth and InCommon. Initially
I was thinking that IDP - Ping SP mapping is all done via Ping and then a canonical SAML
exchange to Keycloak.
Is this possible? I would appreciate some guidance here.
-dana
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user