I have a REST service which is registered as a bearer-only client in Keycloak (openid-connect). This REST service works fine with Keycloak auth protection. I also have an Angular web UI which bootstraps with the Keycloak JS adapter and gets the login screen from Keycloak for authentication.
Now I have my user database behind a Ping Federate IdP and I have no access to create an SP connection.
What details should I provide to the Ping Federate IdP admin to allow Keycloak to act as a broker between my REST service/Angular UI and the Ping Federate IdP?
I tried adding a SAML 2.0 IdP in Keycloak and have to set the SSO and SLO URLs as /idp/startSSO.ping and /idp/startSLO.ping, and when I try to access these URLs it throws a "contact admin" error.
Should my REST service or Angular UI have SAML 2.0 adapters to communicate with Keycloak? I.e., do my existing applications still work if I have to auth-protect them using SAML 2.0 based IdPs via Keycloak IdP brokering?
Sandeep Kumar
- Did you find a solution yet? I am searching all over the internet. – Kai Schneider Apr 24 '18 at 15:22
- @KaiSchneider Not yet. But what I understood is my application uses the OAuth 2.0/OpenID Connect code flow to communicate with Keycloak, and the PingFederate IdP is configured with SAML 2.0 for the Keycloak SP. You can change the PingFederate configuration to act as an OAuth 2.0/OpenID Connect provider so Keycloak may act as broker. – Sandeep Kumar Apr 25 '18 at 17:02
- Do you have any detailed documentation on this? – tryingToLearn Apr 30 '19 at 07:18