[keycloak-user] Implementation of Keycloak (SAML) with Google Apps

Marek Posolda mposolda at redhat.com
Wed Nov 25 05:51:38 EST 2015


A long time ago, I did the integration of PicketLink with Google Apps, 
which is documented here: 
https://docs.jboss.org/author/display/PLINK/Picketlink+as+IDP,+Google+Apps+as+SP 
Some steps might be outdated, but hopefully most of them are still 
applicable and can be (maybe with some tweaks) applied to Keycloak as 
well, especially the part about configuring the Google side. I did not 
try it in practice with Keycloak yet, but I think that you may want to:
- Use a clientId like "google.com/a/yourdomain.com" for your client, where 
yourdomain.com is your Google Apps domain
- Select "Sign assertions" so Google Apps will verify the signature on 
the assertion with the realm key you uploaded

Other options can probably be kept at their defaults (not 100% sure, as I 
didn't try it myself yet)

Marek

On 25/11/15 10:42, Thomas Schweizer-Bolzonello wrote:
> Hello,
> Does someone have documentation on how to implement Keycloak with Google Apps?
> I tried to implement a SAML client in a Keycloak realm but I'm lost
> with settings when creating one.
>
> Tried to use the official documentation and to search on the web but
> to no avail.
>
> If someone could point me to what settings to use in the SAML client I
> created, it would be great.
> I already took the key generated for the realm and uploaded it to Google Apps.
>
> Best regards,
> Thomas
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
