[keycloak-dev] Claims Mapping and Identity Federation

Bill Burke bburke at redhat.com
Fri Feb 20 10:50:41 EST 2015



On 2/20/2015 10:46 AM, Pedro Igor Silva wrote:
> Regarding what you said about claims, going to think on what you said during the weekend. Get back to you on Monday :)
>
> I'm glad that you are already considering making internal code more flexible so we can deal with access tokens, id tokens, saml assertions or whatever is issued by KC prior to return them to service providers. This is also one of the things in my requirements list.
>

I'm a bit nervous about this as we end up having to expose the entire 
SAML document model to users.  I don't see any way around it though. 
There are so many esoteric SAML features that we won't be able to 
support due to time constraints, yet I want to be able to allow users to 
apply their own extensions to support them.

> Some comments in line.
>
> ----- Original Message -----
>> From: "Bill Burke" <bburke at redhat.com>
>> To: keycloak-dev at lists.jboss.org
>> Sent: Friday, February 20, 2015 1:36:31 PM
>> Subject: Re: [keycloak-dev] Claims Mapping and Identity Federation
>
> What about the ID token. I think this guy is the most important in this context.
>

AccessToken extends ID Token. ID Token is created from the access token.


-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com


More information about the keycloak-dev mailing list