Federated OAuth Support

j2eeservices · February 23, 2022, 6:31pm

Hello,

I am new to KeyCloak and want opinion if the following flow is possible with KeyCloak?

KeyCloak Client (OIDC) → KeyCloak IAM (SAML) <-> Customer IDP

Basically, all internal apps will always interface with KeyCloak IAM(via Keycloak client adapter) using OIDC, but the customer may want to use SAML protocol for Federation.
So, the expectation is that client will always trigger the OIDC Flow to KeyCloak IAM, but KeyCloak should trigger the SAML flow with the IDP. Once the user is logged in at their IDP and directed back to KeyCloak with valid SAML response, KeyCloak should resume the OIDC flow and return the token back to Keycloak client.

Any help in this regard appreciated.

mbonn · February 24, 2022, 7:05am

Yes, that is possible, it is all in the docs:

https://www.keycloak.org/docs/latest/server_admin/index.html#_identity_broker
https://www.keycloak.org/docs/latest/server_admin/index.html#saml-v2-0-identity-providers

What will not work: Automatic integration of identity providers described in a standard SAML federation metadata file. Everything has to be configured manually.

|matthias

Topic		Replies	Views
SAML Login to OIDC Site Getting advice identity-brokering , oidc , saml	6	728	March 28, 2024
Saml to OIDC conversion	0	685	June 4, 2020
External IDP initiated login to OIDC client? Is this possible? Configuring the server	3	509	October 21, 2021
SAML + OpenID Connect Getting advice authentication , oidc , saml	0	110	March 14, 2024
Keycloak as SP with external SAML IDP Getting advice saml	12	5168	January 25, 2023

Federated OAuth Support

Related Topics