[keycloak-user] How do I integrate with a SAML federation

Hannah Short hannah.short at cern.ch
Mon Jul 29 04:32:09 EDT 2019


Hi Stephen,

Was just browsing past threads. You’ve probably solved it by now but hopefully this helps others!

We are using a SATOSA proxy to integrate with eduGAIN, which acts as an Identity Provider to our Keycloak instance: https://github.com/IdentityPython/SATOSA

In addition we use PyFF to handle the metadata: https://github.com/IdentityPython/pyFF

The benefit of using these tools is that they are maintained by the eduGAIN community and natively support many of the quirks found in Identity Federations (both technically and in terms of trust and policy).

Cheers,
Hannah

On 17 Jun 2019, at 14:48, BOOTH Stephen <s.booth at epcc.ed.ac.uk> wrote:

I'm wanting to configure keycloak to authenticate against a SAML
federation (externally curated set of IdPs) rather than a single SAML
IdP. Specifically I want to support EduGAIN.

Is this something that keycloak supports natively? The form for
configuring a SAML Identity provider appears to assume a single IdP.

If not, does anyone have any suggestions for the best approach to
bridging a shibboleth SP into something keycloak can use as an Identity
provider?

Stephen

--
======================================================================
|epcc| Dr Stephen P Booth             Principal Architect       |epcc|
|epcc| s.booth at epcc.ed.ac.uk       Phone 0131 650 5746       |epcc|
======================================================================
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
