brokering is authentication delegation. The user is imported, a local
account is created and linked to the external IDP.

On 4/13/17 9:12 AM, Danny Regis wrote:

Hello,

I'm trying to gain clarity on whether there is a subtle difference between
Identity Federation / Identity Brokering / Authentication Brokering.

Looking at the documentation for Identity Providers, it details this as
Identity Brokering; what I can't ascertain (and haven't been able to demo)
is exactly how this works. The documentation implies that the first broker
login flow creates a local user. What happens on the second login? Would
the user always be redirected to the IdP login pages? If so, what is the
local user copy for?

Potentially I'm confusing federated OpenID Connect SSO with Identity
Brokering.

My specific use case...

Application A users authenticated and authorised via Identity Provider B
(OpenID Connect)

However, application A users should always be authenticated against IdP B,
there should never be local authentication based upon a local KC user.

Would disabling "Create User If Unique" from the First Broker Login flow
fulfil my requirement?

Thanks
Danny
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user