Support SAML login via Keycloak
It seems that via Keycloak, you can "add" SAML to Talkyard. (Talkyard probably will not support SAML natively for many years to come; today is July 2020.)
- In Talkyard, configure OIDC login with Keycloak as the OIDC identity provider:
  https://www.keycloak.org/docs/6.0/server_admin/#oidc-clients
  (once OIDC is available — likely in August 2020)
  This makes Talkyard a Keycloak client; Ty will send people to Keycloak to log in.
- Configure Keycloak to be an Identity Broker, that is, a "help service" that connects Talkyard and other services you might have, with different identity providers (IDPs), one of which can be your SAML 2 identity provider.
  Here you can read about Keycloak as an Identity Broker:
  https://www.keycloak.org/docs/6.0/server_admin/#_identity_broker
- Add your SAML 2 identity provider to Keycloak:
  https://www.keycloak.org/docs/6.0/server_admin/#saml-v2-0-identity-providers
  (I hope it's fine to combine a SAML identity provider with an OIDC client, don't know why it wouldn't be.)
(Thanks for the idea, Joseph @elsherbini )
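A check for the setup described above, as an added example that is not part of the original post or of Talkyard or Keycloak: it audits a Keycloak realm export (JSON) for the OIDC client and the brokered SAML identity provider. The client id `talkyard`, the alias `corp-saml`, the URLs and the function name `audit_broker_realm` are assumptions made for the illustration.

```python
import json

# Constructed sample: trimmed Keycloak realm export; names/URLs are placeholders.
SAMPLE_REALM = json.loads("""{
  "clients": [{"clientId": "talkyard", "protocol": "openid-connect",
               "publicClient": false, "implicitFlowEnabled": false,
               "redirectUris": ["https://forum.example.com/*"]}],
  "identityProviders": [{"alias": "corp-saml", "providerId": "saml",
    "enabled": true,
    "config": {"singleSignOnServiceUrl": "https://idp.example.com/sso",
               "validateSignature": "false"}}]
}""")

def audit_broker_realm(realm, client_id):
    """Return findings for the OIDC-client plus SAML-broker setup."""
    findings = []
    # Step 1 of the post: the forum must be registered as an OIDC client.
    client = next((c for c in realm.get("clients", [])
                   if c.get("clientId") == client_id), None)
    if client is None or client.get("protocol") != "openid-connect":
        findings.append(f"no OIDC client {client_id!r}")
    else:
        if client.get("publicClient"):
            findings.append("OIDC client is public, expected confidential")
        if client.get("implicitFlowEnabled"):
            findings.append("implicit flow is enabled")
        for uri in client.get("redirectUris", []):
            # Wildcards or plain http widen where auth codes can be sent.
            if not uri.startswith("https://") or "*" in uri:
                findings.append(f"loose redirect URI: {uri}")
    # Steps 2 and 3: an enabled SAML identity provider must be brokered.
    saml = [p for p in realm.get("identityProviders", [])
            if p.get("providerId") == "saml" and p.get("enabled")]
    if not saml:
        findings.append("no enabled SAML identity provider")
    for idp in saml:
        cfg, alias = idp.get("config", {}), idp.get("alias")
        # Without signature validation, assertions from the IdP are unauthenticated.
        if cfg.get("validateSignature") != "true":
            findings.append(f"{alias}: SAML signature validation is off")
        if not cfg.get("singleSignOnServiceUrl", "").startswith("https://"):
            findings.append(f"{alias}: SSO URL is not https")
    return findings

if __name__ == "__main__":
    for finding in audit_broker_realm(SAMPLE_REALM, "talkyard"):
        print("FINDING:", finding)
```
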