I can't speak for OP, but it sounds like a question I asked a while ago:
I'm looking to build an application (identity provider) that will have
user accounts. So, whereas the typical example is a user links their
Facebook or LinkedIn account to a Keycloak account. I'm interested in
making an Identity Provider - comparable to Facebook, LinkedIn - in terms of
supporting the OIDC protocol - so that users can link these accounts.
Users should then be able to link their account to a parent account.
I have been reading
http://www.keycloak.org/docs/3.1/server_development/topics/identity-brokering/account-linking.html
and see that this is possible.
I have a few questions. On the docs it says:
"The application must already be logged in as an existing user via the
OIDC protocol"
How does an application log in as a user?
Does this mean the user must be logged into the Identity provider
application?
Am I correct in assuming the Identity Provider application needs to
implement the OIDC Protocol? Is this something Keycloak can do? Are there
any examples of this?
On 14 September 2017 at 21:29, Simon Payne <simonpayne58(a)gmail.com> wrote:
I think the OP is referring to identity brokering where Keycloak is
used to broker other identity providers which follow the OIDC protocol.
One of these brokered identity providers can be another Keycloak server.
On Thu, Sep 14, 2017 at 10:16 AM, Sebastien Blanc <sblanc(a)redhat.com> wrote:
> As Stian said, KC is already an OIDC IdP, nothing to do here. Once your
> realm has been created, you can see the OIDC endpoints here:
>
> /auth/realms/your_realm/.well-known/openid-configuration
>
> Or was this not the question?
>
> Sebi
>
> On Thu, Sep 14, 2017 at 12:15 AM, Anton <kurrent93(a)gmail.com> wrote:
>
> > I'm also interested in this.
> > If I understand OP's question correctly, he wants to know how to be an
> > Identity Provider that supports OIDC Protocol.
> >
> > For example - in the section on User initiated linked accounts - the
> > example is that the user links their Facebook account. How to create an
> > equivalent, OIDC-ly speaking, of Facebook?
> >
> > On 13 September 2017 at 15:41, Stian Thorgersen <sthorger(a)redhat.com>
> > wrote:
> >
> > > What are you actually trying to do? Keycloak is an OIDC IDP
> > >
> > > On 12 September 2017 at 17:59, Y Levine <ylevine20(a)gmail.com> wrote:
> > >
> > > > I have read
> > > > http://www.keycloak.org/docs/3.2/securing_apps/topics/oidc/oidc-overview.html
> > > >
> > > > I may have misread as it appears to list connectors to KeyCloak's OIDC
> > > > ....but how do we configure KeyCloak to be the OIDC IdP?
> > > > _______________________________________________
> > > > keycloak-user mailing list
> > > > keycloak-user(a)lists.jboss.org
> > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
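
Added example (not part of the thread and not Keycloak's own code): a check that a relying party or a brokering server could run on the discovery document found at the path Sebastien gives, before trusting the endpoints it advertises. The host sso.example.test, the sample document and the two policy checks marked in the comments are assumptions.

```python
import json
from urllib.parse import urlsplit

# Fields the OIDC Discovery spec marks REQUIRED (token_endpoint is required
# for anything other than implicit-only providers).
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

def realm_issuer(base_url, realm):
    # Path layout taken from the thread: /auth/realms/<realm>
    return f"{base_url.rstrip('/')}/auth/realms/{realm}"

def discovery_url(base_url, realm):
    return realm_issuer(base_url, realm) + "/.well-known/openid-configuration"

def check_discovery(doc_text, base_url, realm):
    """Return a list of problems; an empty list means the document passed."""
    doc = json.loads(doc_text)
    problems = [f"missing {key}" for key in REQUIRED if key not in doc]
    expected = realm_issuer(base_url, realm)
    # The issuer must match the URL the document was fetched from, exactly.
    if doc.get("issuer") != expected:
        problems.append("issuer mismatch")
    host = urlsplit(expected).netloc
    for key in ENDPOINTS:
        if key not in doc:
            continue
        url = urlsplit(str(doc[key]))
        # Assumed local policy: endpoints are https and on the issuer's host.
        if url.scheme != "https" or url.netloc != host:
            problems.append(f"{key} not https on issuer host")
    # Assumed local policy: refuse providers that advertise unsigned ID tokens.
    if "none" in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("unsigned ID tokens advertised")
    return problems

# Constructed sample document; host and values are placeholders.
_BASE = "https://sso.example.test/auth/realms/your_realm/protocol/openid-connect"
SAMPLE = json.dumps({
    "issuer": "https://sso.example.test/auth/realms/your_realm",
    "authorization_endpoint": _BASE + "/auth",
    "token_endpoint": _BASE + "/token",
    "jwks_uri": _BASE + "/certs",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
})

if __name__ == "__main__":
    print(discovery_url("https://sso.example.test", "your_realm"))
    print(check_discovery(SAMPLE, "https://sso.example.test", "your_realm"))
```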