[keycloak-dev] SAML IDP defaults

Pedro Igor Silva psilva at redhat.com
Fri Nov 7 08:37:21 EST 2014


I'm not sure, Bill. There are a number of different use cases; people should choose what they want. Not sure if it is a good thing to force users to always use signatures.

If you want to provide good interoperability with other implementations, better to keep these options.

I understand your point, but I don't think this would be appealing to your community (and users from PL and other vendors).

Maybe you can just organize that UI better in order to make it simpler and avoid user mistakes.

----- Original Message -----
From: "Bill Burke" <bburke at redhat.com>
To: keycloak-dev at lists.jboss.org, "Pedro Igor Silva" <psilva at redhat.com>
Sent: Wednesday, November 5, 2014 12:25:10 PM
Subject: SAML IDP defaults

I think there are too many configuration options for Keycloak SAML IDP 
support.  Don't you think it is safe to require that

1) IDP always signs SAML documents
2) Require SP to also always sign documents

#1 should definitely be a default and unchangeable.  Can't the SP just 
ignore it anyways?  Not sure about #2.


-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

