4:26 a.m.
Hello community,
Has anybody a clue on this topic?
Best regards,
Yann
I am currently trying to use implicit flow between two keycloak instances.
My setup is :
We have one keycloak used in our cloud and one on customer premise,
federating the customer's ldap.
Because there is no network connectivity between both the keycloak
instances I want to use the implicit flow so the customer access our service
in cloud, get redirected to our keycloak instance for login and then has the
option to use its on premise instance configured as a OIDC identity provider.
The setup work in a lab with standard flow, but with implicit flow, I get an
error message "Standard flow is disabled for the client"
Is implicit flow usable in this case?
Best regards,
Yann Jouanin
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
5:15 a.m.
New subject: Implicit flow between two (or more) keycloak instances
Hi,
For the same use case (no communication between two keycloak
instance), we resorted to use SAML authentication.
It works, but I would prefer OIDC Implicit Flow to work :)
Cédric Couralet
Le mar. 31 juil. 2018 à 10:25, Yann Jouanin <Yann.Jouanin(a)witbe.net> a écrit :
> Hello community,
Has anybody a clue on this topic?
Best regards,
Yann
>
> I am currently trying to use implicit flow between two keycloak instances.
> My setup is :
> We have one keycloak used in our cloud and one on customer premise,
> federating the customer's ldap.
>
> Because there is no network connectivity between both the keycloak
> instances I want to use the implicit flow so the customer access our service
> in cloud, get redirected to our keycloak instance for login and then has the
> option to use its on premise instance configured as a OIDC identity provider.
> The setup work in a lab with standard flow, but with implicit flow, I get an
> error message "Standard flow is disabled for the client"
>
> Is implicit flow usable in this case?
>
> Best regards,
> Yann Jouanin
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
8:52 a.m.
New subject: Implicit flow between two (or more) keycloak instances
Hi Yann,
Is there no connectivity between Keycloaks at all, or is it only one-way? A diagram would
be helpful I think.
Which adapter do you use? Could you try enabling *both* Standard and Implicit flows for
the client? This will result in an access token returned as a "code" query
parameter in response to "response_type=code".
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
On Tue, 2018-07-31 at 08:26 +0000, Yann Jouanin wrote:
Hello community,
Has anybody a clue on this topic?
Best regards,
Yann
>
> I am currently trying to use implicit flow between two keycloak instances.
> My setup is :
> We have one keycloak used in our cloud and one on customer premise,
> federating the customer's ldap.
>
> Because there is no network connectivity between both the keycloak
> instances I want to use the implicit flow so the customer access our service
> in cloud, get redirected to our keycloak instance for login and then has the
> option to use its on premise instance configured as a OIDC identity provider.
> The setup work in a lab with standard flow, but with implicit flow, I get an
> error message "Standard flow is disabled for the client"
>
> Is implicit flow usable in this case?
>
> Best regards,
> Yann Jouanin
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2087
days inactive
2093
days old
2 comments
3 participants
participants (3)
-
Cédric Couralet -
Dmitry Telegin -
Yann Jouanin