[keycloak-user] Keycloak as an identity provider (either SAML or OpenID Connect)?
Rafael Weingärtner
rafaelweingartner at gmail.com
Thu Jun 21 04:33:21 EDT 2018
Thanks for the answer Stian.
>From my readings and testing, it looks like Keycloak is able to have
“multiple IdPs inside itself”. I mean, it uses the idea of “realms”, and
they can have different configurations. Therefore, for an external client
(SP), each realm will look like a different IdP. At least, that is my
feeling when I discovered the “OpenID Connect discovery URL” (
http://localhost:8080/auth/realms/master/.well-known/openid-configuration).
On Thu, Jun 21, 2018 at 10:28 AM, Stian Thorgersen <sthorger at redhat.com>
wrote:
> Of course Keycloak can stand on its own. Brokering is just an additional
> optional thing.
>
> On 21 Jun 2018 9:33 am, "Rafael Weingärtner" <rafaelweingartner at gmail.com>
> wrote:
>
> Hello, Keycloak community,
>
> I am evaluating Keycloak, and after some reading, I got the impression that
> it supports OpenID Connect and SAML (which fits exactly on my requirement).
> However, after installing it, and digging a little deeper in the
> configuration overview, I got confused.
>
> I have used OpenID Connect before with MITREid implementation. So, when I
> install and configure MITREid IdP, it will be working as an IdP for my
> federation. I understand that key cloak can do identity brokering, which is
> super nice, but what I wonder is the following. Is Keycloak prepared to be
> an IdP out of the box with either SAML or OpenID Connect protocols? Or,
> Does it depends on IdPs that implement those protocols to work?
>
> --
> Rafael Weingärtner
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
--
Rafael Weingärtner
More information about the keycloak-user
mailing list