[keycloak-user] OAuth2 with SAML2.0 Authentication

Maurício Giacomini Penteado mauriciogiacomini at hotmail.com
Tue Feb 12 11:48:16 EST 2019

Hi folks,

I did not know that keycloak could be installed as a broker to a SAML IdP. @Pedro Igor Silva - Many thanks for your help.

I have one more question about that. Please, if anyone else can help me, let me know.

What do you think?
Would it be possible to have keycloak as a broker to a set of applications providing and consuming REST services, but keep the SAML IdP directly accessible to legacy applications providing and consuming SOAP services?

Kind regards,

From: Pedro Igor Silva <psilva at redhat.com>
Sent: Monday, February 11, 2019 14:57
To: Maurício Giacomini Penteado
Cc: keycloak-user at lists.jboss.org
Subject: Re: [keycloak-user] OAuth2 with SAML2.0 Authentication


You should be able to use OpenID protocol to your applications if Keycloak is configured as a broker to your existing SAML IdP. See https://www.keycloak.org/docs/latest/server_admin/index.html#_identity_broker.

Pedro Igor

On Mon, Feb 11, 2019 at 12:17 PM Maurício Giacomini Penteado <mauriciogiacomini at hotmail.com> wrote:
Hi folks

I am working with some legacy systems that rely on an identity server based on SAML tokens.
Therefore, I do not have the excellent features provided by the OAuth2, OpenID, and UMA specifications on these systems.

I am looking for some documents to help me activate Keycloak as an identity server that works with OAuth2, but using SAML tokens for authentication.
It would help a lot if such configurations were possible. Please, if anyone knows documents to help me, let me know.

Kind regards,

keycloak-user mailing list
keycloak-user at lists.jboss.org
