Thanks Stian. Is it essential that a user is created in the Identity Broker? e.g. 1. SP directs the user to the broker for login 2. User selects one of the identity providers at the broker 3. Logs in to the IdP 4. Broker accepts the login and passes attributes / roles directly through to the SP without creating a new user in the broker db? I’m trying to avoid ending up with multiple accounts in the broker IdP for the same user depending on which IdP they auth from. Thanks Adam From: Stian Thorgersen [mailto:sthorger@redhat.com] Sent: Wednesday, 21 September 2016 3:50 PM To: Adam Keily <adam.keily(a)adelaide.edu.au&gt; Cc: keycloak-user(a)lists.jboss.org Subject: Re: [keycloak-user] Keycloak as IdP Proxy Yes, we call it identity brokering. See https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/id... On 21 September 2016 at 07:52, Adam Keily <adam.keily@adelaide.edu.au<mailto:adam.keily@adelaide.edu.au>> wrote: Is it possible to configure keycloak as an IdP proxy? e.g. https://spaces.internet2.edu/display/GS/SAMLIdPProxy We’re thinking about using two keycloak realms, one for our institutional users and one for externally registered users but some SP’s can only handle a single IdP. Any thoughts appreciated. Regards Adam _______________________________________________ keycloak-user mailing list keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-user

Thanks Bill. That would be great. Any idea on timeframe? From: keycloak-user-bounces(a)lists.jboss.org [mailto:keycloak-user-bounces@lists.jboss.org] On Behalf Of Bill Burke Sent: Thursday, 22 September 2016 9:29 AM To: keycloak-user(a)lists.jboss.org Subject: Re: [keycloak-user] Keycloak as IdP Proxy Currently an import is required. On roadmap to import user only for duration of user session in memory. On 9/21/16 7:18 PM, Adam Keily wrote: Thanks Stian. Is it essential that a user is created in the Identity Broker? e.g. 1. SP directs the user to the broker for login 2. User selects one of the identity providers at the broker 3. Logs in to the IdP 4. Broker accepts the login and passes attributes / roles directly through to the SP without creating a new user in the broker db? I'm trying to avoid ending up with multiple accounts in the broker IdP for the same user depending on which IdP they auth from. Thanks Adam From: Stian Thorgersen [mailto:sthorger@redhat.com] Sent: Wednesday, 21 September 2016 3:50 PM To: Adam Keily <adam.keily@adelaide.edu.au><mailto:adam.keily@adelaide.edu.au> Cc: keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org> Subject: Re: [keycloak-user] Keycloak as IdP Proxy Yes, we call it identity brokering. See https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/id... On 21 September 2016 at 07:52, Adam Keily <adam.keily@adelaide.edu.au<mailto:adam.keily@adelaide.edu.au>> wrote: Is it possible to configure keycloak as an IdP proxy? e.g. https://spaces.internet2.edu/display/GS/SAMLIdPProxy We're thinking about using two keycloak realms, one for our institutional users and one for externally registered users but some SP's can only handle a single IdP. Any thoughts appreciated. Regards Adam _______________________________________________ keycloak-user mailing list keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-user _______________________________________________ keycloak-user mailing list keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-user