[keycloak-user] Keycloak saml authentication and authorization

Bill Burke bburke at redhat.com
Mon Nov 16 09:14:36 EST 2015


The only authorization that we can do right now is at the application 
through servlet security constraints and Java EE roles.  Keycloak now has 
a SAML client adapter derived from PL SAML SP.  There are ways to obtain 
the attributes propagated with the SAML assertion if you need something 
more:


http://keycloak.github.io/docs/userguide/saml-client-adapter/html/index.html

Here are the examples that come with the distro:

https://github.com/keycloak/keycloak/tree/master/examples/saml

Ping the list if you need further assistance.

On 11/16/2015 6:49 AM, Jukka Sirviö wrote:
> Hello all,
>
> Are there any examples on how to get Keycloak SAML authorization up and
> running?
>
> Keycloak SAML authentication is already up and running across two
> distinct web applications. My SAML authentication already includes a
> couple of user properties and attributes, but I’m not able to find any
> info about what is the right and correct way to establish authorization
> with keycloak saml, saml metadata perhaps?
>
> Could you please point me in the right direction? SAML authorization
> examples would be great, or is “picketlink-federation
> –saml-sp-with-metadata” example all that I need to know?
>
> Reason for above question is that I want to get rid of our own
> web-application specific authorization mechanism!
>
> Yes, and the answer to your follow-up question is, that our environment
> is wf 9.0.1 Jèwf saml adapter is in use..
>
> Yours:
> Jukka

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
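
The application-level authorization described in the reply above, sketched as a `web.xml` fragment. This is an added example, not part of the original message or of the Keycloak distribution examples; the `/secure/*` path and the `app-user` role name are assumptions, and the role must match a role the SAML adapter derives from the assertion.

```xml
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">

    <!-- Servlet 3.1: refuse any HTTP method that no constraint covers,
         so a constraint limited to specific methods cannot be bypassed. -->
    <deny-uncovered-http-methods/>

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Protected area</web-resource-name>
            <!-- Hypothetical path; no http-method elements are listed,
                 so the constraint applies to every method. -->
            <url-pattern>/secure/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <!-- Hypothetical Java EE role required for access. -->
            <role-name>app-user</role-name>
        </auth-constraint>
        <user-data-constraint>
            <!-- Require TLS so the session established after the SAML
                 login is not sent in clear text. -->
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

    <login-config>
        <!-- Hands authentication to the Keycloak SAML client adapter. -->
        <auth-method>KEYCLOAK-SAML</auth-method>
    </login-config>

    <!-- Every role named in an auth-constraint must be declared. -->
    <security-role>
        <role-name>app-user</role-name>
    </security-role>

</web-app>
```

Paths outside `/secure/*` stay unauthenticated in this sketch; decisions finer than a role check still have to be made in application code from the attributes carried in the assertion.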