Wondering if anyone has done this with other SSO provider solutions.
Most people simply use the out-of-the-box Keycloak solution we provide.
There are some exceptions, let me ask @Rich and @Don some advice.
Optionally you can also look into integrating your identity provider of choice into Keycloak.
You can check the Keycloak documentation on this.
Hi,
Yes we use the OpenID Connect functionality in Keycloak to connect it with the identity provider of the customer in some projects. When the user navigates to our system, a login screen of the other identity provider is shown. With a valid token the user logs into our system. If its the first time, that user gets created in the OpenRemote Keycloak too, so we can assign roles to them.
Is that what you are looking for?
Don
The manager is tightly coupled to keycloak at present and would take some work to decouple.
As I think has been mentioned, Keycloak supports external identity providers i.e. chaining.
For example keycloak can be configured to use Google, FB, etc. for authentication.