Bill Burke 2016-05-27 14:18:47 -04:00
parent d8236e4f22
commit 05d4ea2733

@ -28,7 +28,7 @@ image:../../images/identity_broker_flow.png[]
This is what we call _identity federation_. This is what we call _identity federation_.
If the user already exists Keycloak may ask him to link the identity returned from the identity provider with his existing account. If the user already exists Keycloak may ask him to link the identity returned from the identity provider with his existing account.
A process that we call _account linking_. A process that we call _account linking_.
What exactly is done is configurable and can be specified by setup of <<_identity_broker_first_login,First Login Flow>> . At the end of this step, Keycloak authenticates the user and issues its own token in order to access the requested resource in the service provider. What exactly is done is configurable and can be specified by setup of <<fake/../../identity-broker/first-login-flow.adoc#_identity_broker_first_login,First Login Flow>> . At the end of this step, Keycloak authenticates the user and issues its own token in order to access the requested resource in the service provider.
. Once the user is locally authenticated, Keycloak redirects the user to the service provider by sending the token previously issued during the local authentication. . Once the user is locally authenticated, Keycloak redirects the user to the service provider by sending the token previously issued during the local authentication.
. The service provider receives the token from Keycloak and allows access to the protected resource. . The service provider receives the token from Keycloak and allows access to the protected resource.
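Review bot: The new cross-reference target on the "What exactly is done is configurable" line, `fake/../../identity-broker/first-login-flow.adoc#_identity_broker_first_login`, starts with a `fake/` segment that the following `..` immediately cancels, and nothing visible in the change explains why that indirection is needed. Please add an AsciiDoc comment beside it stating the reason, so a later editor does not shorten the path and break the link. On the same line, the stray space before the period in `First Login Flow>> .` is carried over and could be removed while the line is being touched.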