[keycloak-dev] SAML as social login?
stian at redhat.com
Tue Feb 4 07:30:53 EST 2014
In theory that should work. The social login feature at the moment has only been tested for OAuth and OAuth2 providers, so it may need some tweaking for a SAML provider.
We're also assuming that a social provider is able to retrieve a basic user profile (https://github.com/keycloak/keycloak/blob/master/social/google/src/main/java/org/keycloak/social/google/GoogleProvider.java#L85), but you could just return a username and require users to update their profile on first social login ("Update profile on first social login" option on realm settings in admin console).
In the future we plan to provide support for federation of authentication (other Keycloak realms, SAML, LDAP, etc.), but this is a good way to get something working with what Keycloak provides at the moment.
By the way, at the moment the admin console has a hard-coded list of social providers, but in the next release this will be dynamic. So all you'd need is to add a jar that implements the social provider SPI, and it will be available to configure for a realm through the admin console.
----- Original Message -----
> From: "Matt Casperson" <mcaspers at redhat.com>
> To: keycloak-dev at lists.jboss.org
> Sent: Sunday, 2 February, 2014 8:56:48 PM
> Subject: [keycloak-dev] SAML as social login?
> If I am reading
> correctly, the only thing needed for a Keycloak social login is a URL to a
> login page that the user can be directed to when they are not logged in, and
> to have that login page send back a response that Keycloak can use to verify
> the user and get their details.
> So if I had appropriate permissions to use https://saml.redhat.com/idp/,
> could that be added as a social login?
> Matthew Casperson
> RHCE, RHCJA # 111-072-237
> Engineering Content Services
> Brisbane, Australia