Using KeyCloak as SP

taleran58 · January 28, 2020, 4:49pm

Hi,
My application supports SAML integration.
I could integrate it to OKTA directly, however my SAML is a bit complex and I need additional attributes that OKTA cannot get.
I would like to try to use KeyCloak as a proxy between OKTA and my application to complete this information as follow:

User logs in to OKTA or clicks on the OKTA button on the KeyCloak login page.
The user gets SAML assertion and redirects to KeyCloak.
KeyCloak receives user session and using an extension integrates with an LDAP server to fetch additional attributes.
KeyCloak creates a new SAML assertion with user information and additional attributes and response back to the user and redirects him to my application with a newly assembled SAML assertion.

So far I have no lack with creating such use case.
Either IDP initiating from OKTA to KC is not an option, and\or SP initiating from KC to OKTA and back to KC and my application is not an option.

What do you think?
Is that an acceptable scenario?

KeycloakUser1 · October 21, 2021, 9:24pm

Hi @taleran58, did you manage to get this workflow to work? I have a similar requirement. Kindly let me know.

Topic		Replies	Views
Custom Application -> Keycloak Identity Brokering -> Okta Authentication	1	546	October 21, 2021
SSO + Okta + Keycloak + SAML2.0 saml	1	887	April 12, 2022
RFC 7522 Support? Configuring the server authentication	2	1140	June 2, 2022
IDP initiated SSO with Keycloak as SP	1	399	December 12, 2023
How to perform IDP initiated login in keycloak saml Configuring the server authentication , saml	3	3541	February 27, 2023

Using KeyCloak as SP

Related Topics