[keycloak-user] KeyCloak as an OIDC

Stian Thorgersen sthorger at redhat.com
Fri Sep 15 03:30:40 EDT 2017


I'm not following. What you want is to secure your applications with Keycloak
using the OIDC protocol? If so, just create a client for it in the realm and
away you go?

On 14 September 2017 at 21:25, Y Levine <ylevine20 at gmail.com> wrote:

> Yes --- looking for similar....
>
> KeyCloak is the OIDC Identity Provider --- Applications integrate against
> KeyCloak via OIDC --- users would authenticate directly against login page
> on KeyCloak - redirected back to SP.....ala Google login process to
> Stackoverflow (however in this case KeyCloak is the IDP for our
> organization's login/password).
>
> If there are steps that can describe how above can be configured will be
> much appreciated.
>
>
> On Thu, Sep 14, 2017 at 3:04 AM, Anton <kurrent93 at gmail.com> wrote:
>
> > I can't speak for OP, but it sounds like a question I asked a while ago:
> >
> > I'm looking to build an application (identity provider) that will have
> > user accounts. So, whereas the typical example is a user links their
> > Facebook, or LinkedIn account to a Keycloak account, I'm interested in
> > making an Identity Provider - comparable to Facebook, LinkedIn - in terms
> > of supporting the OIDC protocol - so that users can link these accounts.
> >
> > Users should then be able to link their account to a parent account.
> >
> > I have been reading
> > http://www.keycloak.org/docs/3.1/server_development/topics/identity-brokering/account-linking.html
> > and see that this is possible.
> >
> > I have a few questions. On the docs it says:
> >
> > > The application must already be logged in as an existing user via the
> > > OIDC protocol
> > >
> > How does an application log in as a user?
> > Does this mean the user must be logged into the Identity provider
> > application?
> >
> > Am I correct in assuming the Identity Provider application needs to
> > implement the OIDC Protocol? Is this something Keycloak can do? Are there
> > any examples of this?
> >
> > On 14 September 2017 at 21:29, Simon Payne <simonpayne58 at gmail.com> wrote:
> >
> > > I think the OP is referring to identity brokering where keycloak is used
> > > to broker other identity providers which follow the OIDC protocol.  One of
> > > these brokered identity providers can be another keycloak server.
> > >
> > > On Thu, Sep 14, 2017 at 10:16 AM, Sebastien Blanc <sblanc at redhat.com>
> > > wrote:
> > >
> > > > As Stian said, KC is already an OIDC IdP, nothing to do here. Once your
> > > > realm has been created, you can see the OIDC endpoints here:
> > > >
> > > > /auth/realms/your_realm/.well-known/openid-configuration
> > > >
> > > > Or was this not the question?
> > > >
> > > > Sebi
> > > >
> > > > On Thu, Sep 14, 2017 at 12:15 AM, Anton <kurrent93 at gmail.com> wrote:
> > > >
> > > > > I'm also interested in this.
> > > > > If I understand OP's question correctly, he wants to know how to be an
> > > > > Identity Provider that supports OIDC Protocol.
> > > > >
> > > > > For example - in the section on User initiated linked accounts - the
> > > > > example is that the user links their Facebook account. How to create an
> > > > > equivalent, OIDC-ly speaking, of Facebook?
> > > > >
> > > > > On 13 September 2017 at 15:41, Stian Thorgersen <sthorger at redhat.com>
> > > > > wrote:
> > > > >
> > > > > > What are you actually trying to do? Keycloak is an OIDC IDP
> > > > > >
> > > > > > On 12 September 2017 at 17:59, Y Levine <ylevine20 at gmail.com> wrote:
> > > > > >
> > > > > > > I have read
> > > > > > > http://www.keycloak.org/docs/3.2/securing_apps/topics/oidc/oidc-overview.html
> > > > > > >
> > > > > > > I may have misread as it appears to list connectors to KeyCloak's OIDC
> > > > > > > ....but how do we configure KeyCloak to be the OIDC IdP?
> > > > > > > _______________________________________________
> > > > > > > keycloak-user mailing list
> > > > > > > keycloak-user at lists.jboss.org
> > > > > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > > > > > >
> > > > > > _______________________________________________
> > > > > > keycloak-user mailing list
> > > > > > keycloak-user at lists.jboss.org
> > > > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > > > > >
> > > > > _______________________________________________
> > > > > keycloak-user mailing list
> > > > > keycloak-user at lists.jboss.org
> > > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > > > >
> > > > _______________________________________________
> > > > keycloak-user mailing list
> > > > keycloak-user at lists.jboss.org
> > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > > >
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>


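An added example, not part of the original messages and not Keycloak project code: a relying-party check of the realm discovery document at the path quoted in the thread, followed by construction of an authorization-code request. The host `sso.example.org`, the client ID `my-app`, the redirect URI and the sample metadata values are constructed assumptions.

```python
import secrets
from urllib.parse import urlencode, urlsplit

REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
ENDPOINTS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

def discovery_url(base, realm):
    """Discovery URL for a realm, using the path given in the thread."""
    return f"{base.rstrip('/')}/auth/realms/{realm}/.well-known/openid-configuration"

def validate_discovery(doc, expected_issuer):
    """Return a list of problems; an empty list means the metadata is usable."""
    problems = [f"missing {k}" for k in REQUIRED if k not in doc]
    # The issuer must match the URL the client was configured with, exactly.
    if doc.get("issuer") != expected_issuer:
        problems.append("issuer mismatch")
    # Every endpoint the client will call or redirect to must be https.
    for key in ENDPOINTS:
        if key in doc and urlsplit(str(doc[key])).scheme != "https":
            problems.append(f"{key} is not https")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow not offered")
    return problems

def build_auth_request(doc, client_id, redirect_uri):
    """Authorization-code request with fresh state and nonce to verify on return."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "scope": "openid",
                       "state": state, "nonce": nonce})
    return f"{doc['authorization_endpoint']}?{query}", state, nonce

# Constructed sample metadata (hypothetical host; realm name from the thread).
BASE = "https://sso.example.org"
ISSUER = f"{BASE}/auth/realms/your_realm"
SAMPLE = {
    "issuer": ISSUER,
    "authorization_endpoint": f"{ISSUER}/protocol/openid-connect/auth",
    "token_endpoint": f"{ISSUER}/protocol/openid-connect/token",
    "jwks_uri": f"{ISSUER}/protocol/openid-connect/certs",
    "response_types_supported": ["code", "id_token"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}
if __name__ == "__main__":
    print(discovery_url(BASE, "your_realm"))
    print(validate_discovery(SAMPLE, ISSUER))
```

The application keeps the returned `state` and `nonce` in the user's session and compares them with the values that come back on the redirect and in the ID token.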