Forward Authorization Requests
Archive secured with Keycloak can be used to forward the authorization requests to other identity providers for authorizing user requests. Keycloak as an Identity Broker supports various Social Login sites as Identity Providers and also supports Identity Provider following protocols SAML v2.0, OpenID Connect v1.0 or OAuth v2.0. As per the Internet User Authorization profile, the secured archive currently supports Authorization Client and Resource Server as one entity. Future versions of archive shall eventually support these 2 actors as separate entities.
As per one's needs, one may choose to authenticate users using different Social Identity Providers.
To explain forwarding of authorization requests to an identity provider supporting protocol OpenID Connect, we use a separate standalone keycloak system.
DCM4CHEE 5 Documentation