SAML Discovery Service in Identity Brokering


Felipe Cardoso

Aug 11, 2020, 6:24:28 PM
to Keycloak User
I am trying to set up Keycloak as Identity Brokering and I would like to know if it is possible to use a SAML federation discovery service (for example, WAYF).

Regards,

Felipe Cardoso.

Jan Guznar

Aug 13, 2020, 9:09:13 AM
to Keycloak User
Hi,
Did you manage to do this?
Jan

On Wednesday, August 12, 2020 at 0:24:28 UTC+2, felipepas...@gmail.com wrote:

Felipe Cardoso

Aug 14, 2020, 9:09:12 AM
to Jan Guznar, Keycloak User
Hi,

No, I didn't make it.

Do you have any tips? Does Keycloak allow you to configure a Discovery Service instead of SAML v2.0 Identity Providers?

Thanks

--
Felipe Cardoso
Technical Assistant - GIdLab@RNP

sal...@gmail.com

Aug 14, 2020, 11:32:11 AM
to Keycloak User
I am also looking for the same solution. Has anyone done KeyCloak Federation for eduGAIN?

hannah...@cern.ch

Aug 17, 2020, 2:45:40 AM
to Keycloak User
Hi all, 

We added a SAML IdP proxy in front of Keycloak, which acts as a single Identity Provider in Keycloak. We wanted to use multilateral federation directly with eduGAIN as well, so Keycloak really didn't offer what we needed. I used SaToSa (https://github.com/IdentityPython/SATOSA) for the IdP Proxy and Pyff (https://github.com/IdentityPython/pyFF) for the discovery service but you could use something else e.g. SimpleSAMLphp (https://simplesamlphp.org). 

Cheers,
Hannah
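
The proxy setup described in the post above depends on the SAML Identity Provider Discovery Service Protocol between the proxy and the discovery service. As an added example (not part of the thread, and not SATOSA or pyFF code), this Python code builds the discovery request the proxy would send and checks the browser-supplied answer against the IdPs known from federation metadata; every URL and the IdP set are constructed assumptions.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed values: hypothetical proxy and discovery-service endpoints.
PROXY_ENTITY_ID = "https://proxy.example.org/sp"
PROXY_DISCO_RETURN = "https://proxy.example.org/disco"
DISCOVERY_SERVICE = "https://ds.example.org/ds"
# Constructed stand-in for the IdP entityIDs loaded from federation metadata.
FEDERATION_IDPS = {
    "https://idp.uni-a.example/idp/shibboleth",
    "https://idp.uni-b.example/saml2/idp/metadata.php",
}
RETURN_ID_PARAM = "entityID"  # protocol default name for the chosen IdP


def discovery_request_url():
    """URL the proxy redirects the browser to so the user can pick a home IdP."""
    query = urlencode({
        "entityID": PROXY_ENTITY_ID,    # who is asking (the proxy's SP side)
        "return": PROXY_DISCO_RETURN,   # where the DS sends the browser back
        "returnIDParam": RETURN_ID_PARAM,
    })
    return f"{DISCOVERY_SERVICE}?{query}"


def chosen_idp(response_url):
    """Return the selected IdP entityID, or None if the response is rejected."""
    parts = urlsplit(response_url)
    expected = urlsplit(PROXY_DISCO_RETURN)
    # The response must arrive on the proxy's own registered return endpoint.
    if (parts.scheme, parts.netloc, parts.path) != (
        expected.scheme, expected.netloc, expected.path
    ):
        return None
    values = parse_qs(parts.query).get(RETURN_ID_PARAM, [])
    # The parameter is browser-controlled: require exactly one value and
    # require it to be an IdP that is present in federation metadata.
    if len(values) != 1 or values[0] not in FEDERATION_IDPS:
        return None
    return values[0]
```

A `None` result covers both a cancelled selection (no parameter returned) and a tampered one, so the proxy can show its own error page instead of starting an authentication request to an unknown entity.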

Thomas Darimont

Aug 17, 2020, 4:48:23 AM
to hannah...@cern.ch, Keycloak User
Hello Hannah,

This sounds very interesting! Could you provide us with a bit more detail about the integration?
What would need to be added to Keycloak to make this easier for you?

Cheers,
Thomas

sal...@gmail.com

Aug 17, 2020, 6:44:25 AM
to Keycloak User
Dear Hannah and Thomas,

We are exploring the possibility of implementing a KeyCloak to connect to eduGAIN. I am new as far as KeyCloak is concerned; in addition to KeyCloak, we are also testing a GLUU server (https://www.gluu.org/).

Hannah certainly has more experience. It would be GREAT if KeyCloak can upgrade with all the modules needed for eduGAIN (https://edugain.org/).
Hannah, I would be very grateful if you could help us with the implementation of KeyCloak for eduGAIN. Do you know any reliable solution for WAYF? Or do you recommend Discovery Service?
Note: We are a decentralized system, and we cannot have one central SSO / IDP.

I was able to connect KeyCloak as an IDP with Google services as a SP. When logging in to Google services, our users are redirected to our KeyCloak server, and after authentication to KeyCloak, they get access to Google. (Note: Google is not an IDP). 

QUESTION: Can KeyCloak do "Provisioning" users from KeyCloak to Google? Only users with a Google Account can sign in. We are currently working on Sync between LDAP / AD and Google, but that solution is extra work. 

Best Regards,
Salko

Comte Frédéric

Aug 18, 2022, 4:05:25 AM
to Keycloak User
I have the same use case. Is there something new in Keycloak to use a SAMLv2 Discovery Service?

Best Regards