Thank you, Bill, for a quick response.
I will continue using our current SP-level authorization functionality; it is easily
integrated with Keycloak SAML with the help of additional attributes, as you pointed out
(please see screenshot). EE roles and constraints will be used where appropriate.
I'm quite familiar with the examples you mentioned, and the client adapter
documentation is also reasonably well studied.
Thanks,
Yours:
Jukka
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org
[mailto:keycloak-user-bounces@lists.jboss.org] On Behalf Of Bill Burke
Sent: 16 November 2015 16:15
To: keycloak-user(a)lists.jboss.org
Subject: Re: [keycloak-user] Keycloak saml authentication and authorization
The only authorization that we can do right now is at the application through servlet
security constraints and Java EE roles. Keycloak now has a SAML client adapter derived
from PL SAML SP. There are ways to obtain the attributes propagated with the SAML
assertion if you need something more:
http://keycloak.github.io/docs/userguide/saml-client-adapter/html/index.html
Here are the examples that come with the distro:
https://github.com/keycloak/keycloak/tree/master/examples/saml
Ping the list if you need further assistance.
On 11/16/2015 6:49 AM, Jukka Sirviö wrote:
Hello all,
Are there any examples of how to get Keycloak SAML authorization up and
running?
Keycloak SAML authentication is already up and running across two
distinct web applications. My SAML authentication already includes a
couple of user properties and attributes, but I'm not able to find any
info about what is the right and correct way to establish
authorization with keycloak saml, saml metadata perhaps?
Could you please point me in the right direction? SAML authorization
examples would be great, or is the
"picketlink-federation-saml-sp-with-metadata" example all that I need to know?
The reason for the above question is that I want to get rid of our own
web-application-specific authorization mechanism!
Yes, and the answer to your follow-up question is, that our
environment is wf 9.0.1 Jèwf saml adapter is in use..
Yours:
Jukka
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com