[keycloak-user] SaaS idp brokering
Dmitry Telegin
dt at acutus.pro
Tue Nov 13 22:15:06 EST 2018
Hello MJ,
Quick question: do you plan to decommission both your Keycloak and sister institute's IdP, and migrate everything to a SaaS IdP? Or you want both your IdPs broker to SaaS? Or is your sister institute going to migrate to SaaS IdP, and you have to broker to it from your Keycloak?
All the options are viable and will do the job. As always, each has benefits and drawbacks.
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro
On Tue, 2018-11-13 at 10:23 +0100, mj wrote:
> Hi,
>
> This question is slightly off-topic, I hope it's allowed to ask here.
>
> We are using keycloak as an IdP, loving it. One of our sister institutes
> is using another (openid connect / saml2 compatible) IdP.
>
> Now a new project: Trying to achieve web SSO across both institutes, for
> several web applications, mostly supporting only one single IdP.
>
> We have made a PoC using keycloak's brokering function, and it worked
> nicely. However, our sister institute prefers a SaaS solution.
>
> I've done my googling, but terminology is confusingly different:
> - onelogin ("trusted IdP")
> - okta ("inbound federation")
> - gluu ("inbound identity")
> and obviously
> - keycloak ("IdP brokering") (but not saas)
>
> and I am not even sure that the above solution are really the same as
> keycloak's IdP brokering, and that they would solve our SSO requirement.
> (doing a PoC would be the next step)
>
> So I am asking for recommendations from the guru's here. What are the
> do's and don't for something like this? Perhaps suggestions what to look
> for, what to avoid, what other products to take a look at, etc, etc.
>
> Insights?
>
> Thanks very much in advance, and again: apologies for being a bit
> off-topic, hope not to offend anyone.
>
> MJ
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
More information about the keycloak-user
mailing list