[keycloak-user] Integration in a federation of identity providers like Shibboleth

Stian Thorgersen sthorger at redhat.com
Wed Oct 21 02:34:57 EDT 2015


There's no limit with the buttons, although it would become unusable. You
can change this by creating your own theme, though, and using a drop down or
whatever you'd like.

Another idea is something we've discussed before which is to register
certain email domains with a specific IdP. For example <user>@corp.com is
automatically redirected to idp.corp.com. With the new authenticator SPI
you could create this flow yourself and remove the password field from the
initial screen.

You may end up wanting to implement an authenticator for this in either
case so you can add a cookie to remember the last used IdP.

When you use identity brokering in Keycloak, Keycloak becomes the "Service
Provider" in the external IdP, not the individual clients. So only the
Keycloak server has to be registered with the external IdP.

On 20 October 2015 at 17:33, Jérôme Blanchard <jayblanc at gmail.com> wrote:

> Hi all,
>
> I'm trying to integrate Keycloak in a federation of identities
> (Shibboleth) using the SAMLv2 Identity Provider. The problem is that the
> federation counts something like 100 Identity Providers and I'm afraid of
> the L&F of the GUI as for now, adding 3 of them is creating a button for
> each. Is there a limit or something that creates a drop down menu?
> (like this list https://discovery.renater.fr/renater)
> <https://discovery.renater.fr/renater/?entityID=https%3A%2F%2Fsaga.renater.fr%2F&return=https%3A%2F%2Fsaga.renater.fr%2FShibboleth.sso%2FLogin%3FSAMLDS%3D1%26passwd%3DhT6oU5$.%21%26submit_saga%3DConnexion%26%26target%3Dss%253Amem%253Aa66aa537777acf60e05706949b588b203be0a12e>
> The goal for me is to create a kind of parser for this idps list :
> http://federation.renater.fr/renater/idps-renater-metadata.xml
> in order to parse this list and maintain my IDPs in keycloak up to date.
>
> Another question is: does each client in Keycloak have to be declared as a
> Service Provider, or only the Keycloak server?
>
> If you have any feedback for Shibboleth federation integration using
> Keycloak I'll be very glad to share them.
>
> Thanks a lot, Best Regards, Jérôme.
>
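An added example, not part of the original thread and not Keycloak code: a sketch of the metadata parser asked about above, which also builds the email-domain-to-IdP lookup suggested in the reply. It assumes the federation aggregate's XML signature has already been verified by a separate step, and that each IdP's `shibmd:Scope` value can stand in for its email domain; the function names and the sample entities are constructed.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "shibmd": "urn:mace:shibboleth:metadata:1.0",
}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample aggregate (not real federation data): one IdP, one SP.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0">
  <md:EntityDescriptor entityID="https://idp.corp.example/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions><shibmd:Scope regexp="false">corp.example</shibmd:Scope></md:Extensions>
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://idp.corp.example/idp/profile/SAML2/Redirect/SSO"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.other.example/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def parse_idps(xml_text):
    """Return {entityID: {"sso": url, "scopes": [...]}} for IdP entities only."""
    # The stdlib parser expands internal entities, so refuse any DTD up front.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted in metadata")
    idps = {}
    for ent in ET.fromstring(xml_text).iter("{%s}EntityDescriptor" % NS["md"]):
        role = ent.find("md:IDPSSODescriptor", NS)
        if role is None:  # SP-only entries are skipped
            continue
        sso = [s.get("Location") for s in role.findall("md:SingleSignOnService", NS)
               if s.get("Binding") == REDIRECT
               and s.get("Location", "").startswith("https://")]
        if not sso:  # no usable HTTPS redirect endpoint, do not register it
            continue
        # Literal scopes only; regexp scopes are ignored rather than guessed at.
        scopes = [s.text.strip().lower() for s in role.iter("{%s}Scope" % NS["shibmd"])
                  if s.text and s.get("regexp", "false") == "false"]
        idps[ent.get("entityID")] = {"sso": sso[0], "scopes": scopes}
    return idps

def idp_for_email(email, idps):
    """Map an email domain to an IdP entityID only when exactly one IdP claims it."""
    domain = email.rsplit("@", 1)[-1].strip().lower()
    hits = [eid for eid, d in idps.items() if domain in d["scopes"]]
    return hits[0] if len(hits) == 1 else None
```

The resulting dictionary can be diffed against the IdPs currently configured in Keycloak to decide which ones to add, update or remove on each metadata refresh.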