I want to be able to use the authentication from the same (AzureAD) IDP that I set up as external IAM Identity provider directly without having to prompt the end-user to authenticate for the public client (Keycloak).

Something like token-exchange, on-behalf-of or worst case CIBA would kind of resolve my requirements, but none of these flows seem to be active/enabled in Keycloak out-of-the-box, and since this is supposed to be SaaS, we'd prefer minimal requirements for custom configuration on the customer's IFS/Keycloak.

EDIT: Or use a confidential client from our back-end API to the projections API, but with impersonation of the actual end user to maintain user permissions and identity, if that is in any way possible?