[keycloak-user] KeyCloak as an OIDC

Anton kurrent93 at gmail.com
Mon Sep 25 16:42:51 EDT 2017


Did anyone find out how to achieve this using Keycloak?

On 15 September 2017 at 20:23, Anton <kurrent93 at gmail.com> wrote:

> Hi Stian
>
> Clearly you know more about this than I. But from my limited knowledge, an
> Identity Provider that supports the OIDC Protocol allows clients to
> "receive information about authenticated sessions and end-users." This
> would mean that the Identity Provider presumably needs to make user
> information available in a specific format or schema.
>
> Therefore, I am assuming there would be some specific data modeling
> requirements in the custom Identity Provider.
>
> The best example I could find of this is
> https://github.com/mitreid-connect/ldap-openid-connect-server
>
> On 15 September 2017 at 19:30, Stian Thorgersen <sthorger at redhat.com>
> wrote:
>
>> I'm not following.. What you want is to secure your applications with
>> Keycloak using the OIDC protocol? If so just create a client for it in the
>> realm and away you go..?
>>
>> On 14 September 2017 at 21:25, Y Levine <ylevine20 at gmail.com> wrote:
>>
>>> Yes --- looking for similar....
>>>
>>> KeyCloak is the OIDC Identity Provider --- Applications integrate against
>>> KeyCloak via OIDC --- users would authenticate directly against login page
>>> on KeyCloak - redirected back to SP.....ala Google login process to
>>> Stackoverflow (however in this case KeyCloak is the IDP for our
>>> organization's login/password).
>>>
>>> If there are steps that can describe how above can be configured will be
>>> much appreciated.
>>>
>>>
>>> On Thu, Sep 14, 2017 at 3:04 AM, Anton <kurrent93 at gmail.com> wrote:
>>>
>>> > I can't speak for OP, but it sounds like a question I asked a while ago:
>>> >
>>> > I'm looking to build an application (identity provider) that will have
>>> > user accounts. So, whereas the typical example is a user links their
>>> > Facebook, or LinkedIn account to a Keycloak account. I'm interested in
>>> > making an Identity Provider - comparable to Facebook, LinkedIn - in terms of
>>> > supporting the OIDC protocol - so that users can link these accounts.
>>> >
>>> > Users should then be able to link their account to a parent account.
>>> >
>>> > I have been reading
>>> > http://www.keycloak.org/docs/3.1/server_development/topics/identity-brokering/account-linking.html
>>> > and see that this is possible.
>>> >
>>> > I have a few questions. On the docs it says:
>>> >
>>> > > The application must already be logged in as an existing user via the
>>> > > OIDC protocol
>>> > >
>>> > How does an application log in as a user?
>>> > Does this mean the user must be logged into the Identity provider
>>> > application?
>>> >
>>> > Am I correct in assuming the Identity Provider application needs to
>>> > implement the OIDC Protocol? Is this something Keycloak can do? Are there
>>> > any examples of this?
>>> >
>>> > On 14 September 2017 at 21:29, Simon Payne <simonpayne58 at gmail.com> wrote:
>>> >
>>> > > I think the OP is referring to identity brokering where Keycloak is used to
>>> > > broker other identity providers which follow the OIDC protocol. One of
>>> > > these brokered identity providers can be another Keycloak server.
>>> > >
>>> > > On Thu, Sep 14, 2017 at 10:16 AM, Sebastien Blanc <sblanc at redhat.com> wrote:
>>> > >
>>> > > > As Stian said, KC is already an OIDC IdP, nothing to do here. Once your
>>> > > > realm has been created, you can see the OIDC endpoints here:
>>> > > >
>>> > > > /auth/realms/your_realm/.well-known/openid-configuration
>>> > > >
>>> > > > Or was this not the question?
>>> > > >
>>> > > > Sebi
>>> > > >
>>> > > > On Thu, Sep 14, 2017 at 12:15 AM, Anton <kurrent93 at gmail.com> wrote:
>>> > > >
>>> > > > > I'm also interested in this.
>>> > > > > If I understand OP's question correctly, he wants to know how to be an
>>> > > > > Identity Provider that supports OIDC Protocol.
>>> > > > >
>>> > > > > For example - in the section on User initiated linked accounts - the
>>> > > > > example is that the user links their Facebook account. How to create an
>>> > > > > equivalent, OIDC-ly speaking, of Facebook?
>>> > > > >
>>> > > > > On 13 September 2017 at 15:41, Stian Thorgersen <sthorger at redhat.com> wrote:
>>> > > > >
>>> > > > > > What are you actually trying to do? Keycloak is an OIDC IDP
>>> > > > > >
>>> > > > > > On 12 September 2017 at 17:59, Y Levine <ylevine20 at gmail.com> wrote:
>>> > > > > >
>>> > > > > > > I have read
>>> > > > > > > http://www.keycloak.org/docs/3.2/securing_apps/topics/oidc/oidc-overview.html
>>> > > > > > >
>>> > > > > > > I may have misread as it appears to list connectors to KeyCloak's OIDC
>>> > > > > > > ....but how do we configure KeyCloak to be the OIDC IdP?
>>> > > > > > > _______________________________________________
>>> > > > > > > keycloak-user mailing list
>>> > > > > > > keycloak-user at lists.jboss.org
>>> > > > > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
>>> > > > > > >
>>>
>>
>>
>
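
Added example, not part of the thread and not Keycloak's own code: a client-side check of the realm discovery document served at the `.well-known/openid-configuration` path quoted above, run before an application trusts the advertised endpoints. The host `sso.example.test`, the sample document and the "endpoint must sit under the issuer" and "no `none` algorithm" rules are assumptions made for this sketch; the required-field list follows OpenID Connect Discovery 1.0.

```python
from urllib.parse import urlsplit

# Metadata that OpenID Connect Discovery 1.0 marks as REQUIRED
# (token_endpoint is required unless only the implicit flow is used).
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

def realm_issuer(base_url, realm):
    """Issuer URL for a realm, using the path layout quoted in the thread."""
    return f"{base_url.rstrip('/')}/auth/realms/{realm}"

def check_discovery(doc, issuer):
    """Return a list of problems found in a parsed discovery document."""
    problems = [f"missing {k}" for k in REQUIRED if k not in doc]
    # Discovery requires the issuer to equal the URL the document was fetched
    # from, minus the /.well-known/openid-configuration suffix.
    if doc.get("issuer") != issuer:
        problems.append("issuer mismatch")
    for key, value in sorted(doc.items()):
        if not (key.endswith("_endpoint") or key == "jwks_uri"):
            continue
        if urlsplit(str(value)).scheme != "https":
            problems.append(f"{key} not https")
        # Assumption: one realm serves all endpoints below its issuer URL.
        if not str(value).startswith(issuer + "/"):
            problems.append(f"{key} outside issuer")
    # Local policy choice: refuse providers that advertise unsigned ID tokens.
    if "none" in doc.get("id_token_signing_alg_values_supported", []):
        problems.append("alg none advertised")
    return problems

# Constructed sample document (not captured from a real server).
ISSUER = realm_issuer("https://sso.example.test/", "your_realm")
OIDC = ISSUER + "/protocol/openid-connect"
SAMPLE = {
    "issuer": ISSUER,
    "authorization_endpoint": OIDC + "/auth",
    "token_endpoint": OIDC + "/token",
    "userinfo_endpoint": OIDC + "/userinfo",
    "jwks_uri": OIDC + "/certs",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
}

if __name__ == "__main__":
    print(check_discovery(SAMPLE, ISSUER) or "discovery document looks consistent")
```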

