[satosa-users] Re: Help to implement Satosa + Keycloak + Edugain
Christian Franke
31 Jan
2023
31 Jan
'23
6:06 p.m.
On 1/31/23 08:55, Hannah Short wrote:
Hi Christian, Bertrand,
We do exactly the same at CERN (eduGAIN -> Satosa -> Keycloak) and it works well.
We are also pretty happy with Keycloak as an open source AAI (it works with our number of
clients - roughly 12,000 - and seems to have a good sustainability model). I know the EOSC
team were also enhancing Keycloak to support federations properly. We also considered Gluu
when we were deciding.
Do you have any examples of a public WAYF?
I don't have a good everview of all the available services, but when we
started out, we used the service provided by DFN:
https://wayf.aai.dfn.de/DFN-AAI-eduGAIN/wayf/www/WAYF.php
This service includes all the IdPs from DFN and eduGAIN.
Basically the limitation of any of these services is that you don't have
any control over the set of IdPs that is available and the way they are
represented, this is also the reason why we migrated to hosting our own
WAYF.
-Chris