[keycloak-user] How do I integrate with a SAML federation

BOOTH Stephen s.booth at epcc.ed.ac.uk
Tue Jul 30 07:43:37 EDT 2019


Thanks to everyone who replied; it's really useful to have a number of 
known solutions to this problem.

For my original use case I've ended up implementing a basic OIDC IdP in 
an existing application that is already using the SAML federation, and 
can bridge to Keycloak that way. This lets me seamlessly carry over my 
existing users and registrations.

				Stephen

On 29/07/2019 09:32, Hannah Short wrote:
> Hi Stephen,
> 
> Was just browsing past threads. You’ve probably solved it by now but 
> hopefully this helps others!
> 
> We are using a SATOSA proxy to integrate with eduGAIN, which acts as an 
> Identity Provider to our Keycloak instance: 
> https://github.com/IdentityPython/SATOSA
> 
> In addition we use PyFF to handle the metadata: 
> https://github.com/IdentityPython/pyFF
> 
> The benefit of using these tools is that they are maintained by the 
> eduGAIN community and natively support many of the quirks found in 
> Identity Federations (both technically and in terms of trust and policy).
> 
> Cheers,
> Hannah
> 
>> On 17 Jun 2019, at 14:48, BOOTH Stephen <s.booth at epcc.ed.ac.uk> wrote:
>>
>> I'm wanting to configure Keycloak to authenticate against a SAML
>> federation (externally curated set of IdPs) rather than a single SAML
>> IdP. Specifically I want to support eduGAIN.
>>
>> Is this something that Keycloak supports natively? The form for
>> configuring a SAML Identity provider appears to assume a single IdP.
>>
>> If not, does anyone have any suggestions for the best approach to
>> bridging a Shibboleth SP into something Keycloak can use as an Identity
>> provider?
>>
>> Stephen
>>
>> -- 
>> ======================================================================
>> |epcc| Dr Stephen P Booth             Principal Architect       |epcc|
>> |epcc| s.booth at epcc.ed.ac.uk          Phone 0131 650 5746       |epcc|
>> ======================================================================
>> --
>> The University of Edinburgh is a charitable body, registered in
>> Scotland, with registration number SC005336.
>>
> 

-- 
======================================================================
|epcc| Dr Stephen P Booth             Principal Architect       |epcc|
|epcc| s.booth at epcc.ed.ac.uk          Phone 0131 650 5746       |epcc|
======================================================================
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
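
Added illustration, not part of the original thread and not code from Keycloak, SATOSA or pyFF: a federation like the one discussed above publishes a single metadata aggregate containing many IdPs, which is why a single-IdP configuration form does not fit. The Python example below extracts the IdPs from a constructed aggregate; it assumes the aggregate's XML signature has already been verified against the federation's signing key, and every entity ID and URL in it is made up.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

# Constructed sample aggregate (not real federation metadata): two IdPs, one SP.
SAMPLE = b"""<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    Name="urn:example:federation" validUntil="2030-01-01T00:00:00Z">
  <md:EntityDescriptor entityID="https://idp.uni-a.example/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
          Location="https://idp.uni-a.example/sso"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.uni-b.example/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="https://idp.uni-b.example/sso-post"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.uni-c.example/sp">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def parse_ts(value):
    """Parse the UTC timestamp form used in the sample (YYYY-MM-DDThh:mm:ssZ)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def federation_idps(aggregate, now):
    """Return {entityID: {binding: location}} for every IdP in the aggregate.

    Assumes the signature was verified beforehand; refuses stale metadata.
    """
    root = ET.fromstring(aggregate)
    valid_until = root.get("validUntil")
    if valid_until is None or parse_ts(valid_until) <= now:
        raise ValueError("aggregate has no validUntil or has expired")
    idps = {}
    for entity in root.iter("{%s}EntityDescriptor" % MD):
        role = entity.find("md:IDPSSODescriptor", NS)
        if role is None:
            continue  # SP-only entity, not usable as a login source
        idps[entity.get("entityID")] = {
            sso.get("Binding"): sso.get("Location")
            for sso in role.findall("md:SingleSignOnService", NS)
        }
    return idps
```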


