[keycloak-user] Keycloak saml v1.1 to oauth2 token
Stian Thorgersen
sthorger at redhat.com
Mon Feb 8 04:29:32 EST 2016
We don't have a token exchange facility, but we have support for
authenticating with external IdPs through what we call identity brokering.
It supports SAMLv2 IdPs only though.
We do have SPIs that let you customize/extend Keycloak. For your use-case I
could think of two options:
1. Add a custom authenticator for direct grant flow that allows
authenticating by passing a SAML v1.1 token - see
http://keycloak.github.io/docs/userguide/keycloak-server/html/auth_spi.html
for more info
2. Add a custom identity broker provider that allows users to login through
an external SAMLv1.1 IdP
On 5 February 2016 at 10:52, Porfyrios Vasileiou <
porfyrios.vasileiou at gmail.com> wrote:
> Hello, I have a project that includes 2 client applications.
>
> In ONLY ONE of the clients(web application in angular) users login via a
> 3rd party authorization server that also has a login procedure where the
> user logs in and it returns an saml v1.1 xml token and then they can access
> the client. (This procedure cannot be changed) But i want this client to
> also be secured with keycloak so i can have a token that i can pass to my
> rest services that are also secured with keycloak.
>
> Can i convert this saml v1.1 token to oauth2 via keycloak?
>
> Once we have logged in I want to login this user to keycloak
> programmatically and get an oauth2 token instead that can be used for the
> rest services requests in the Bearer authentication header. How can i do
> this?
>
> I also want to say that the keycloak is setup to use the same active
> directory that the 3rd party authorization server is using to authenticate
> the users.
>
> Is this possible?
>
> Thanks, Porfyrios
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160208/22d8974e/attachment.html
More information about the keycloak-user
mailing list