[keycloak-user] Identity Brokering
Bill Burke
bburke at redhat.com
Thu Apr 13 10:25:14 EDT 2017
brokering is authentication delegation. The user is imported, a local
account is created and linked to the external IDP.
On 4/13/17 9:12 AM, Danny Regis wrote:
> Hello,
>
> I'm trying to gain clarity on whether there is a subtle difference between
> Identity Federation / Identity Brokering / Authentication Brokering.
>
> Looking at the documentation for Identity Providers, it details this as
> Identity Brokering, what I can't ascertain (and haven't been able to demo)
> is exactly how this works. The documentation implies that the first broker
> login flow creates a local user. What happens on the second login? Would
> the user always be redirected to the IdP login pages? If so what is the
> local user copy for?
>
> Potentially I'm confusing federated Open ID Connect SSO with Identity
> Brokering.
>
>
> My specific use case...
>
> Application A users authenticated and authorised via Identity Provider B
> (Open Id Connect)
>
> However application A users should always be authenticated against IdP B,
> there should never be local authentication based upon a local KC user.
>
> Would disabling "Create User If Unique" from the First Broker Login flow
> fulfil my requirement?
>
> Thanks
> Danny
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list