[keycloak-user] Integration in a federation of identity provider like Shibboleth
jayblanc at gmail.com
Wed Oct 21 03:06:42 EDT 2015
Thanks a lot for your precisions which will help me a lot. I have already
developed a theme in an earlier version and I had completely forgotten that it
would do the trick, great idea.
I will also investigate the idea of implementing an authenticator in order
to add a cookie remembering the last used IdP because I also need the
classic login for some users.
Best Regards, Jérôme.
On Wed, 21 Oct 2015 at 08:34, Stian Thorgersen <sthorger at redhat.com> wrote:
> There's no limit with the buttons, although it would become unusable. You
> can change this by creating your own theme though and use a drop down or
> whatever you'd like.
> Another idea is something we've discussed before which is to register
> certain email domains with a specific IdP. For example <user>@corp.com is
> automatically redirected to idp.corp.com. With the new authenticator SPI
> you could create this flow yourself and remove the password field from the
> initial screen.
> You may end up wanting to implement an authenticator for this in either
> case so you can add a cookie to remember the last used IdP.
> When you use identity brokering in Keycloak, Keycloak becomes the "Service
> Provider" in the external IdP, not the individual clients. So only the
> Keycloak server has to be registered with the external IdP.
> On 20 October 2015 at 17:33, Jérôme Blanchard <jayblanc at gmail.com> wrote:
>> Hi all,
>> I'm trying to integrate Keycloak in a federation of identities
>> (Shibboleth) using the SAMLv2 Identity Provider. The problem is that the
>> federation counts something like 100 Identity Providers and I'm afraid of
>> the L&F of the GUI as for now, adding 3 of them is creating a button for
>> each. Is there a limit or something that creates a drop down menu?
>> (like this list https://discovery.renater.fr/renater)
>> The goal for me is to create a kind of parser for this idps list :
>> in order to parse this list and maintain my IDPs in keycloak up to date.
>> Another question is: does each client in Keycloak have to be declared as a
>> Service Provider or only the Keycloak server?
>> If you have any feedback for Shibboleth federation integration using
>> Keycloak I'll be very glad to share them.
>> Thanks a lot, Best Regards, Jérôme.