Hello everyone,
My company develops a web application that uses Keycloak to authenticate / manage users.
We would like to accept authentication from Edugain but Edugain is not only one federation: it is an interconnection of many federations.
Therefore, if I want to accept Edugain it means I have to import one by one each Edugain Federation and our end users have to choose the right one in a list.
Example:
- if I have these Edugain federations:
  - Federation A
  - Federation B
  - Federation C
  - Federation D
- I have to import / create an identity provider for each one in Keycloak:
  - Federation A
  - Federation B
  - Federation C
  - Federation D
- the end user has to choose the Edugain Federation in which he/she has an account: Federation C
This is not a good option in terms of ergonomics because there are too many federations...
I discovered Satosa and maybe I'm wrong (as I was not able to implement it yet) but I have the feeling it could help us 🙂
The scheme I am trying to obtain is: our internal application -> Keycloak -> Satosa -> Edugain
The idea is this one:
- Keycloak should see only one Identity Provider 'Edugain': in reality Satosa is behind it
- and Satosa discovers the Edugain federations
I'm not comfortable with these technologies / these protocols (Keycloak, Satosa, SP, IDP, SAML, etc) and therefore I don't understand how to configure all components...
Has someone done the same (Keycloak or Gluu + Satosa + Edugain) and could share an example of the configuration with me, please?
At least the Satosa configuration files (frontend, backend, etc).
Thank you very much :)
Bertrand