[keycloak-user] Keycloak as IdP Proxy

Adam Keily adam.keily at adelaide.edu.au
Wed Sep 21 20:18:57 EDT 2016


Thanks Bill. That would be great. Any idea on timeframe?

From: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces at lists.jboss.org] On Behalf Of Bill Burke
Sent: Thursday, 22 September 2016 9:29 AM
To: keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Keycloak as IdP Proxy


Currently an import is required.  On roadmap to import user only for duration of user session in memory.

On 9/21/16 7:18 PM, Adam Keily wrote:
Thanks Stian. Is it essential that a user is created in the Identity Broker?

e.g.

1. SP directs the user to the broker for login
2. User selects one of the identity providers at the broker
3. Logs in to the IdP
4. Broker accepts the login and passes attributes / roles directly through to the SP without creating a new user in the broker db?

I'm trying to avoid ending up with multiple accounts in the broker IdP for the same user depending on which IdP they auth from.

Thanks
Adam

From: Stian Thorgersen [mailto:sthorger at redhat.com]
Sent: Wednesday, 21 September 2016 3:50 PM
To: Adam Keily <adam.keily at adelaide.edu.au>
Cc: keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] Keycloak as IdP Proxy

Yes, we call it identity brokering. See https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/identity-broker.html

On 21 September 2016 at 07:52, Adam Keily <adam.keily at adelaide.edu.au> wrote:
Is it possible to configure keycloak as an IdP proxy?

e.g. https://spaces.internet2.edu/display/GS/SAMLIdPProxy

We're thinking about using two Keycloak realms, one for our institutional users and one for externally registered users, but some SPs can only handle a single IdP.

Any thoughts appreciated.

Regards
Adam

_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user




