--
You received this message because you are subscribed to the Google Groups "Keycloak Dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keycloak-dev...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/keycloak-dev/c3d6f762-6d2c-42eb-a6d6-b05d48cbd638%40googlegroups.com.
I would say so, yes. Would be good to have support for "urn:ietf:params:oauth:token-type:saml2" in request, subject and actor tokens, if we want to expand into supporting SAML as well.

Can you elaborate a bit more on the AWS STS use-case you are referring to? Does it validate a SAML assertion issued by Keycloak, to then issue tokens for AWS resources?

On Thu, 7 May 2020 at 03:21, Hiroyuki Wada <wada...@gmail.com> wrote:
Hi,

Currently, the implementation of token exchange in Keycloak doesn't support exchanging from access token/id token to SAML 2.0 assertion, which is defined as the "urn:ietf:params:oauth:token-type:saml2" token type in https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16.

Our use-case, for example, is integration with AWS STS, which accepts SAML tokens.

I found similar issues in JIRA, but it seems that they are for exchanging from SAML to access token/id token.

I'd like to propose adding this feature. Is a pull request for it welcome?

Best regards,
Hiroyuki Wada

Thank you for your comment.

Is it OK to create a new JIRA ticket for supporting this use-case (from id token or access token to SAML 2.0 assertion)?