3:52 a.m.
Hello, I have a project that includes 2 client applications.
In ONLY ONE of the clients(web application in angular) users login via a
3rd party authorization server that also has a login procedure where the
user logs in and it returns an saml v1.1 xml token and then they can access
the client. (This procedure cannot be changed) But i want this client to
also be secured with keycloak so i can have a token that i can pass to my
rest services that are also secured with keycloak.
Can i convert this saml v1.1 token to oauth2 via keycloak?
Once we have logged in I want to login this user to keycloak
programmatically and get an oauth2 token instead that can be used for the
rest services requests in the Bearer authentication header. How can i do
this?
I also want to say that the keycloak is setup to use the same active
directory that the 3rd party authorization server is using to authenticate
the users.
Is this possible?
Thanks, Porfyrios
3:29 a.m.
We don't have a token exchange facility, but we have support for
authenticating with external IdPs through what we call identity brokering.
It supports SAMLv2 IdPs only though.
We do have SPIs that let you customize/extend Keycloak. For your use-case I
could think of two options:
1. Add a custom authenticator for direct grant flow that allows
authenticating by passing a SAML v1.1 token - see
http://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html
for more info
2. Add a custom identity broker provider that allows users to login through
an external SAMLv1.1 IdP
On 5 February 2016 at 10:52, Porfyrios Vasileiou <
porfyrios.vasileiou(a)gmail.com> wrote:
Hello, I have a project that includes 2 client applications.
In ONLY ONE of the clients(web application in angular) users login via a
3rd party authorization server that also has a login procedure where the
user logs in and it returns an saml v1.1 xml token and then they can access
the client. (This procedure cannot be changed) But i want this client to
also be secured with keycloak so i can have a token that i can pass to my
rest services that are also secured with keycloak.
Can i convert this saml v1.1 token to oauth2 via keycloak?
Once we have logged in I want to login this user to keycloak
programmatically and get an oauth2 token instead that can be used for the
rest services requests in the Bearer authentication header. How can i do
this?
I also want to say that the keycloak is setup to use the same active
directory that the 3rd party authorization server is using to authenticate
the users.
Is this possible?
Thanks, Porfyrios
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3230
days inactive
3233
days old
1 comments
2 participants
participants (2)
-
Porfyrios Vasileiou -
Stian Thorgersen