From: "Raghu Prabhala" <prabhalar(a)yahoo.com>
To: "Stian Thorgersen" <stian(a)redhat.com>
Cc: "Bill Burke" <bburke(a)redhat.com>, keycloak-user(a)lists.jboss.org
Sent: Thursday, January 22, 2015 2:22:51 PM
Subject: Re: [keycloak-user] Delegated SAML authentication?
That would be great. Thank you vey much Stian. Just to give you more
background and provide you my wishlist for the short term. 1) Identity
brokering that will help us authenticate against diff stores. One of them
would be Kerberos (SPNEGO). 2) Customization of claims in both SAML as well
OpenID Connect responses for each application (client) -similar to what ADFS
provides today for SAML. It provides a GUI to choose the store as well as
the attributes for each relying party and also to map those attribute names
to different values (cn can be mapped to "Name" for one client and "Full
Name" for another) which will be reflected in the claims sent to the relying
party.3) OpenID Connect Interop (Today some of the endpoints do not fully
adhere to the Spec)
I believe you have all the above requests in your queue for 1.2 release or
later but would appreciate if you can squeeze them in the next cycle of
binaries.
All of those are scheduled for the not so distant future, but I can't guarantee
they'll all be included in 1.2.
Regards,Raghu From: Stian Thorgersen <stian(a)redhat.com>
To: Raghuram Prabhala <prabhalar(a)yahoo.com>
Cc: Bill Burke <bburke(a)redhat.com>; keycloak-user(a)lists.jboss.org
Sent: Thursday, January 22, 2015 2:24 AM
Subject: Re: [keycloak-user] Delegated SAML authentication?
----- Original Message -----
> From: "Raghuram Prabhala" <prabhalar(a)yahoo.com>
> To: "Bill Burke" <bburke(a)redhat.com>
> Cc: keycloak-user(a)lists.jboss.org
> Sent: Wednesday, January 21, 2015 6:05:30 PM
> Subject: Re: [keycloak-user] Delegated SAML authentication?
>
> Bill - identity brokering is something that we need today. Is it possible
> to
> release an alpha or beta version of that functionality earlier than March
> so
> that we can start integration work now? Unfortunately we can't build from
> source and look for binaries from you.
Once we have 1.1.0.Final released, which is hopefully this or next week, we
should be able to release something.
>
> Thanks
> Raghu
>
> Sent from my iPhone
>
> > On Jan 21, 2015, at 9:45 AM, Bill Burke <bburke(a)redhat.com> wrote:
> >
> > Pedro has it working in master. Won't be release until like March
> > though probably.
> >
> >> On 1/21/2015 1:21 AM, Stian Thorgersen wrote:
> >>
> >>
> >> ----- Original Message -----
> >>> From: "Guy Davis" <guydavis.ca(a)gmail.com>
> >>> To: keycloak-user(a)lists.jboss.org
> >>> Sent: Wednesday, 21 January, 2015 6:08:50 AM
> >>> Subject: [keycloak-user] Delegated SAML authentication?
> >>>
> >>> Good day,
> >>>
> >>> With the upcoming Keycloak 1.10, I see SAML support has been added to
> >>> KeyCloak. Will it be possible to have Keycloak delegate to another IDP
> >>> such
> >>> as MS Azure ADFS or OneLogin? Ideally, I'd like to use KeyCloak by
> >>> default
> >>> for our JBoss deployments, but in certain cases, customers are asking
> >>> for
> >>> integration with the MS Azure cloud authentication mechanisms.
> >>
> >> It won't work for 1.1.0. We're working on that (identity brokering)
for
> >> 1.2.0 where you'll be able to delegate to external OpenID Connect or
> >> SAML
> >> IdP's.
> >>
> >>>
> >>> Thanks in advance,
> >>> Guy
> >>>
> >>> _______________________________________________
> >>> keycloak-user mailing list
> >>> keycloak-user(a)lists.jboss.org
> >>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
> >> _______________________________________________
> >> keycloak-user mailing list
> >> keycloak-user(a)lists.jboss.org
> >>
https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> > --
> > Bill Burke
> > JBoss, a division of Red Hat
> >
http://bill.burkecentral.com
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user(a)lists.jboss.org
> >
https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>