First release

Pre-release

@oculos oculos released this 20 Nov 13:25
· 59 commits to main since this release

This is the first release of the Keycloak Platform SSO extension.

Known limitations

  • Secure Enclave-only: this extension only implements the Secure Enclave authentication method.
  • Fixed client: to use this extension, you need to create a client called psso. In the future we will make this configurable. The client needs to be public and it needs to include the urn:apple:platformsso scope.
  • Revoke Refresh Token needs to be off: the extension uses the refresh token for login, treating it as an opaque token that authenticates and identifies the user. In the future we might change this. Having Revoke Refresh Token off is the default in Keycloak.
  • Missing ACR/LoA and other checks: if you use ACR/LoA, this authenticator does not perform those checks. They will be implemented.
  • Might be incompatible with the Organizations feature: We based our Authenticator on the Cookies Authenticator, which does a series of checks, including organization checks. These are not implemented here yet.
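
The "Fixed client" and "Revoke Refresh Token" items above can be checked against a realm export before deploying the extension. The following is an added example, not code from the extension: it assumes the standard Keycloak realm export fields `revokeRefreshToken`, `clients`, `clientId`, `publicClient`, `defaultClientScopes` and `optionalClientScopes`, and it assumes the scope may be attached as either a default or an optional client scope, since the notes do not say which.

```python
import json
import sys

REQUIRED_CLIENT = "psso"                  # fixed client name from the release notes
REQUIRED_SCOPE = "urn:apple:platformsso"  # scope the client must include


def check_realm(realm):
    """Return a list of problems; an empty list means the preconditions hold."""
    problems = []
    # A missing revokeRefreshToken key is treated as off, the Keycloak default.
    if realm.get("revokeRefreshToken", False):
        problems.append("Revoke Refresh Token is on; it needs to be off")
    client = next((c for c in realm.get("clients", [])
                   if c.get("clientId") == REQUIRED_CLIENT), None)
    if client is None:
        problems.append("no client named %r" % REQUIRED_CLIENT)
        return problems
    if not client.get("publicClient", False):
        problems.append("client %r is not public" % REQUIRED_CLIENT)
    # Assumption: accept the scope as either a default or an optional scope.
    scopes = set(client.get("defaultClientScopes", []))
    scopes |= set(client.get("optionalClientScopes", []))
    if REQUIRED_SCOPE not in scopes:
        problems.append("client %r lacks scope %s" % (REQUIRED_CLIENT, REQUIRED_SCOPE))
    return problems


# Constructed sample exports, not taken from a real deployment.
GOOD_REALM = {
    "realm": "example",
    "revokeRefreshToken": False,
    "clients": [{"clientId": "psso", "publicClient": True,
                 "defaultClientScopes": ["profile", "urn:apple:platformsso"]}],
}
BAD_REALM = {
    "realm": "example",
    "revokeRefreshToken": True,
    "clients": [{"clientId": "psso", "publicClient": False,
                 "defaultClientScopes": ["profile"]}],
}

if __name__ == "__main__":
    # With a path argument, check that realm export; otherwise use the bad sample.
    realm = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else BAD_REALM
    for line in check_realm(realm) or ["all documented preconditions hold"]:
        print(line)
```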