[keycloak-user] authz and SAML

Pedro Igor psilva at redhat.com
Tue Nov 22 06:55:37 EST 2016

Hi Gerard,

    Right now, AuthZ Services are heavily based on OAuth2+OIDC. Right now, you can only use it when your apps are talking OIDC.

    Beside that, our enforcers are only enabled for - some - OIDC adapters such as: undertow, wildfly, tomcat and eap.

    The reason why we started with OIDC is that it fits better with the Authorization API and most use cases around API security. Can you open a JIRA, please ? I'm going to talk with @Stian about it and see when we are able to enable authz to SAML.

Pedro Igor
On 11/22/2016 9:29:25 AM, Gerard Laissard <glaissard at axway.com> wrote:

Our applications (resource servers) are using SAML to authenticate users with Keycloak. We would like to use authorization services.

Authorization service can be activated on OIDC clients, will it be possible to activate authorization service on SAML client ?
Is there any way to use authz with a SAML client ?


keycloak-user mailing list
keycloak-user at lists.jboss.org

More information about the keycloak-user mailing list