Tech With Htunn
  • Blog Content
  • DevSecOps
    • understanding devsecops
    • shift left in devsecops
    • what is the different between SAST and DAST in devsecops?
    • what is software composition analysis (SCA)?
    • what is Software Bill of Materials (SBOM)?
    • dependency scanning in devsecops
    • what is continuous integration in devops?
    • what is continuous delivery and deployment in devops?
    • understanding containerization
    • container scanning in devsecops
  • Data Engineering
    • what is data engineering?
    • Medallion Architecture in Data Engineering
    • understanding DataOps?
    • Difference between ETL and ELT pipeline in Data Engineering
  • IAM
    • what is Identity and Access Management?
    • understanding microsoft graph api
    • what is SCIM in IAM?
    • Different between sp and idp initiated flow in saml?
    • what is the difference between OAuth-2.0 and OIDC?
    • Understanding PKCE in OAuth-2.0?
    • what is SCIM Streaming?
    • what is the meaning of Identity broker?
  • Cloud Architect
    • what is cloud archiect?
    • Understanding even-driven architecture?
    • what is cloud native architecture?
    • what is cloud native application?
    • Understanding web application firewall?
  • SRE
    • what is SRE?
    • Meaning of toil in SRE?
    • what is error budget in SRE?
    • Difference between SLA, SLO and SLI in SRE
    • Understanding MTTR in SRE?
Powered by GitBook
On this page
  1. IAM

what is the meaning of Identity broker?

Previouswhat is SCIM Streaming?Nextwhat is cloud archiect?

Last updated 4 months ago

An identity broker is an intermediary service that connects service providers with identity providers. It facilitates the use of identities from an external identity provider to access services provided by a service provider. Essentially, it acts as a bridge, enabling users to authenticate with one identity provider and gain access to multiple services without needing separate credentials for each service.

Example Using Keycloak as an Identity Broker

Let’s consider a scenario where you have a web application (Service Provider) and you want users to authenticate using their Google accounts (Identity Provider). Here’s how you can set up Keycloak as an identity broker:

  1. Set Up Keycloak:

    • Install and configure Keycloak on your server.

    • Create a new realm in Keycloak for your application.

  2. Configure Google as an Identity Provider:

    • In the Keycloak admin console, navigate to the realm you created.

    • Go to Identity Providers and select Google from the list.

    • Fill in the required details such as Client ID and Client Secret, which you can obtain from the Google Developer Console.

    • Save the configuration.

  3. Configure Your Application (Service Provider):

    • Register your application as a client in the Keycloak realm.

    • Configure the client settings, including the redirect URI and client credentials.

  4. User Authentication Flow:

    • When a user tries to access your application, they are redirected to Keycloak for authentication.

    • Keycloak presents the user with a login page where they can choose to log in with Google.

    • The user selects Google, and Keycloak redirects them to the Google login page.

    • After successful authentication with Google, the user is redirected back to Keycloak.

    • Keycloak processes the authentication response from Google and issues a token to the user.

    • The user is then redirected back to your application with the token, granting them access.

This setup allows users to log in to your application using their Google credentials, with Keycloak handling the authentication process as an intermediary.