Skip to main content

SAML IDP and Keycloak Workflow in Graph Modeling

The diagram below shows a typical workflow between the third-party SAML identity provider (IDP), Graph Modeling (formerly PoolParty), Keycloak. Neither Graph Modeling, nor your external IDP needs to be aware of each other. They both connect to Keycloak but not with each other.

2022-07-28_14_14_34-PP_Keycloak_SAML_Workflow_-_Google_Drawings.png

We show you in this diagram what happens when a user, who is managed by a SAML IDP, signs in to PoolParty:

  1. User attempts to sign in to Graph Modeling.

  2. Graph Modeling redirects the user to Keycloak.

  3. Keycloak redirects the user to SAML IDP to provide the user with a federated login.

  4. The SAML IDP provides a signin form to the user.

  5. The user authenticates with their credentials.

  6. The SAML IDP validates the user's credentials.

  7. The SAML IDP generates SAML response.

  8. The SAML IDP redirects the user to Keycloak with the SAML response.

  9. Keycloak checks the authenticity and integrity of the response.

  10. Keycloak maps the SAML attributes to the Graph Modeling assertions.

  11. Keycloak redirects to Graph Modeling with an OAuth token.

  12. Graph Modeling validates the token.

  13. Graph Modeling assumes assertions from the token.

  14. The authenticated user interacts with Graph Modeling.