[keycloak-user] Offline tokens with external IDP
Stian Thorgersen
sthorger at redhat.com
Tue Aug 16 03:51:48 EDT 2016
On 25 July 2016 at 09:01, Haim Vana <haimv at perfectomobile.com> wrote:
> Hi,
>
>
>
> We have been using KeyCloak for several weeks now; one of the flows is user
> script authentication with an offline token:
>
>
>
> 1. The user logs in to the UI
>
> 2. Generates an offline token by entering his password again
>
> 3. Puts the offline token in his script
>
> 4. Executes the script
>
>
>
> Now we want to add external IDP support. First, is it possible to generate
> offline tokens for an external IDP in KeyCloak? If so, how?
>
Assuming you're using the Keycloak login screen it's just a matter of
configuring the external IdP as an identity broker provider and it will be
displayed as an option on the login screen.
>
>
> Second, in section #2 above the user enters his password to generate the
> offline token; with an external IDP we can't use his password. One alternative
> is to always generate the offline token at login (add offline_access);
> however, does it make sense to create an offline token for every login?
>
You shouldn't create an offline token for every login, just once for a new
user or once the offline token is no longer valid.
>
>
>
>
> Thanks,
>
> Haim.
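
The "once for a new user, or once the offline token is no longer valid" rule from the reply above, sketched from the script's side as an added example that is not part of the original thread or of Keycloak's own code. The base URL, realm and client id are assumed placeholders, the client is assumed to be public (no client secret), and the sample tokens are constructed.

```python
import base64
import json
from urllib.parse import urlencode

# Assumed placeholder values; replace with your own server, realm and client.
BASE_URL = "https://sso.example.com/auth"
REALM = "demo"
CLIENT_ID = "script-client"


def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def is_offline_token(token):
    """Keycloak marks offline tokens with typ=Offline (ordinary ones: typ=Refresh)."""
    try:
        return jwt_claims(token).get("typ") == "Offline"
    except (IndexError, ValueError, AttributeError):
        return False


def build_refresh_request(offline_token):
    """URL and form body that trade the stored offline token for an access token."""
    url = f"{BASE_URL}/realms/{REALM}/protocol/openid-connect/token"
    body = urlencode({
        "grant_type": "refresh_token",
        "client_id": CLIENT_ID,
        "refresh_token": offline_token,
    })
    return url, body


def next_action(status, response_json):
    """Decide what the script does with the token endpoint's answer."""
    if status == 200 and "access_token" in response_json:
        return "use_access_token"
    if status == 400 and response_json.get("error") == "invalid_grant":
        # Token revoked or expired: the only time a new offline token is needed.
        return "reissue_offline_token"
    return "retry_later"  # e.g. 5xx or network trouble; keep the stored token


def make_sample_token(typ):
    """Constructed, unsigned sample JWT for the demo; not a real Keycloak token."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'typ': typ, 'sub': 'user-1'})}.sig"
```

Only the "reissue_offline_token" outcome should send the user back through a login that requests the offline_access scope; every other run reuses the stored token.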