SAML IDP and Keycloak Workflow in PoolParty
SAML and Keycloak Workflow diagram and explanation in PoolParty
The diagram below shows a typical workflow between a third-party SAML identity provider (IDP), PoolParty and Keycloak. Neither PoolParty nor your external IDP needs to be aware of the other: both connect to Keycloak, not to each other.
We show you in this diagram what happens when a user, who is managed by a SAML IDP, signs in to PoolParty:
User attempts to sign in to PoolParty.
PoolParty redirects the user to Keycloak.
Keycloak redirects the user to SAML IDP to provide the user with a federated login.
The SAML IDP provides a sign-in form to the user.
The user authenticates with their credentials.
The SAML IDP validates the user's credentials.
The SAML IDP generates a SAML response.
The SAML IDP redirects the user to Keycloak with the SAML response.
Keycloak checks the authenticity and integrity of the response.
Keycloak maps the SAML attributes to the PoolParty assertions.
Keycloak redirects to PoolParty with an OAuth token.
PoolParty validates the token.
PoolParty adopts the assertions carried in the token.
The authenticated user interacts with PoolParty.
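The steps above, brokered end to end, as an added simulation that is not PoolParty's or Keycloak's own code. It plays the three parties in one process: the IDP builds and signs a minimal SAML response (steps 10 to 12), Keycloak checks its signature, request ID, audience and validity window, maps the attributes to claims and issues an OAuth token (steps 13 to 15), and PoolParty validates that token before adopting the claims (steps 16 and 17). HMAC-SHA256 stands in for XML-DSig and for the realm's RSA key, and the key names, entity IDs, attribute names and the attribute-to-claim mapping are all assumptions; a real deployment uses X.509 certificates and Keycloak's configured mappers.

```python
"""Simulated SAML IDP -> Keycloak -> PoolParty flow (constructed example)."""
import base64
import hashlib
import hmac
import json
import time
import xml.etree.ElementTree as ET

# Assumed secrets: HMAC stands in for the IDP's XML signature key and for the
# Keycloak realm's token signing key.
IDP_SIGNING_KEY = b"idp-signing-key"
BROKER_SIGNING_KEY = b"keycloak-realm-key"
KEYCLOAK_ENTITY_ID = "https://keycloak.example/realms/poolparty"   # assumed
POOLPARTY_CLIENT_ID = "poolparty"                                   # assumed
# Assumed Keycloak attribute mapper: SAML attribute name -> token claim.
ATTRIBUTE_MAP = {"mail": "email", "memberOf": "roles"}
TTL = 300  # seconds of validity for both the assertion and the token

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def idp_build_response(name_id, attributes, in_response_to, now=None):
    """IDP side: after validating credentials, emit a signed SAML response."""
    now = now or int(time.time())
    root = ET.Element("Response", InResponseTo=in_response_to)
    conds = ET.SubElement(root, "Conditions", NotOnOrAfter=str(now + TTL))
    ET.SubElement(conds, "Audience").text = KEYCLOAK_ENTITY_ID
    ET.SubElement(root, "NameID").text = name_id
    for name, values in attributes.items():
        attr = ET.SubElement(root, "Attribute", Name=name)
        for value in values:
            ET.SubElement(attr, "AttributeValue").text = value
    xml = ET.tostring(root)
    return {"xml": xml, "signature": hmac.new(IDP_SIGNING_KEY, xml, hashlib.sha256).hexdigest()}

def issue_jwt(claims):
    """Keycloak side: hand-built HS256 JWT carrying the mapped claims."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(BROKER_SIGNING_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def keycloak_broker(saml_response, expected_request_id, now=None):
    """Keycloak side: verify the SAML response, map attributes, issue a token."""
    now = now or int(time.time())
    xml, sig = saml_response["xml"], saml_response["signature"]
    expected = hmac.new(IDP_SIGNING_KEY, xml, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("SAML response signature invalid")      # integrity/authenticity
    root = ET.fromstring(xml)
    if root.get("InResponseTo") != expected_request_id:
        raise ValueError("response does not match an outstanding request")  # replay
    conds = root.find("Conditions")
    if now >= int(conds.get("NotOnOrAfter")):
        raise ValueError("SAML assertion expired")
    if conds.findtext("Audience") != KEYCLOAK_ENTITY_ID:
        raise ValueError("assertion not addressed to this broker")
    claims = {"sub": root.findtext("NameID"), "iss": KEYCLOAK_ENTITY_ID,
              "aud": POOLPARTY_CLIENT_ID, "iat": now, "exp": now + TTL}
    for attr in root.findall("Attribute"):
        target = ATTRIBUTE_MAP.get(attr.get("Name"))
        if target is None:
            continue  # unmapped attributes never reach PoolParty
        values = [v.text for v in attr.findall("AttributeValue")]
        claims[target] = values if target == "roles" else values[0]
    return issue_jwt(claims)

def poolparty_validate_token(token, now=None):
    """PoolParty side: check signature, issuer, audience and expiry, then adopt claims."""
    now = now or int(time.time())
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header, body, sig = parts
    expected = _b64url(hmac.new(BROKER_SIGNING_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        raise ValueError("token signature invalid")
    claims = json.loads(_b64url_decode(body))
    if claims.get("iss") != KEYCLOAK_ENTITY_ID or claims.get("aud") != POOLPARTY_CLIENT_ID:
        raise ValueError("token not issued to PoolParty by the expected realm")
    if now >= claims["exp"]:
        raise ValueError("token expired")
    return claims

def run_flow(now=None):
    """Drive all three parties for one constructed user and return PoolParty's view."""
    request_id = "_req-42"  # constructed ID of the AuthnRequest Keycloak sent to the IDP
    user_attrs = {"mail": ["alice@example.org"], "memberOf": ["PoolPartyEditor"],
                  "telephoneNumber": ["555-0100"]}  # constructed directory data
    response = idp_build_response("alice", user_attrs, request_id, now)
    token = keycloak_broker(response, request_id, now)
    return poolparty_validate_token(token, now)

if __name__ == "__main__":
    print(run_flow())
```

Each check in `keycloak_broker` and `poolparty_validate_token` corresponds to one failure mode of the brokered flow: a forged or altered response, a replayed response that no longer matches an outstanding request, an assertion meant for a different service, and an expired assertion or token. The unmapped `telephoneNumber` attribute shows that only attributes covered by the mapper become PoolParty claims.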