Is integration between Keycloak and NetIQ Access Manager possible with the SAML protocol?


I'm working on a project that includes AWS EC2, Amazon Connect, Keycloak, and NetIQ Access Manager. At this moment I have successfully created an SSO mechanism to connect users to Amazon Connect by using Keycloak.

I have done this by following these steps:

  1. I have created an EC2 instance and a Docker container with Keycloak

  2. I have configured everything needed for Keycloak to work with the SAML protocol and redirect users to Amazon Connect

Now, I have some questions about the integration between Keycloak and NetIQ Access Manager, because I don't know if there are problems when my instance resides on a private subnet (a project requirement).

My question is: if I have the instance on a private subnet with a Keycloak Docker container running on it, can I communicate with NetIQ Access Manager using the SAML protocol?

I have tried only with Keycloak, and everything is OK, but I can't use a Docker container to test NetIQ Access Manager.

In fact, with the Docker container I can redirect the user from the SSO phase with Keycloak to Amazon Connect with the SAML protocol.

I need this type of flow because the users, via a specific portal, need to log on to the SP (service provider) NetIQ, and for the login phase the SSO mechanism with Keycloak will be used; after this login the users (with the right permissions and credentials) will be redirected to Amazon Connect.

I hope my question(s) is/are clear, and sorry if I made mistakes with the language.

There is 1 answer below

There are several ways to implement SAML2; the simplest one is the HTTP POST Binding mode. In this way the client (browser) must be able to connect with both the IdP and the SP; it doesn't matter if on a public network or private. In this mode, direct communication between the IdP and the SP is not required.
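To make the point of the answer concrete, here is an added example that is not part of the original answer and not Keycloak or NetIQ code: a minimal model of the SAML 2.0 HTTP-POST binding in which the IdP hands the browser an auto-submitting form, the browser POSTs it to the SP's assertion consumer service, and no IdP-to-SP connection is ever opened. The entity IDs, the ACS URL, the subject name and the request ID are constructed placeholders; the Response is unsigned so the flow stays visible, and the SP-side checks shown (Destination, InResponseTo, Status, validity window, Audience) are the ones a real SP applies in addition to verifying the XML signature against the IdP's metadata certificate.

```python
"""Model of the SAML 2.0 HTTP-POST binding: IdP -> browser -> SP, with no direct IdP/SP link.
All endpoints and identities below are constructed placeholders, not real deployments."""
import base64
import html
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

IDP_ENTITY_ID = "https://keycloak.example.internal/realms/demo"  # constructed: IdP on a private subnet
SP_ENTITY_ID = "https://nam.example.com/sp"                      # constructed: SP entity ID
SP_ACS_URL = "https://nam.example.com/saml2/acs"                 # constructed: SP assertion consumer URL

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
FIXED_NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)      # fixed clock for reproducible checks
EXPIRED_NOW = FIXED_NOW + timedelta(minutes=10)                   # later than the 5-minute assertion window


def _ts(dt):
    """SAML timestamps are UTC in ISO 8601; the fixed format also allows plain string ordering."""
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


def idp_build_response(in_response_to, subject, now):
    """IdP side: build an (unsigned, illustrative) Response answering the SP's AuthnRequest ID."""
    issue, expiry = _ts(now), _ts(now + timedelta(minutes=5))
    return (
        f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_{secrets.token_hex(16)}" '
        f'Version="2.0" IssueInstant="{issue}" Destination="{SP_ACS_URL}" InResponseTo="{in_response_to}">'
        f'<saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>'
        f'<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>'
        f'<saml:Assertion ID="_{secrets.token_hex(16)}" Version="2.0" IssueInstant="{issue}">'
        f'<saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>'
        f'<saml:Subject><saml:NameID>{html.escape(subject)}</saml:NameID></saml:Subject>'
        f'<saml:Conditions NotBefore="{issue}" NotOnOrAfter="{expiry}">'
        f'<saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>'
        f'</saml:Conditions></saml:Assertion></samlp:Response>'
    )


def idp_post_form(response_xml, relay_state):
    """IdP side: the HTTP-POST binding wraps the base64 Response in a form the browser auto-submits."""
    encoded = base64.b64encode(response_xml.encode()).decode()
    return (
        f'<form method="post" action="{html.escape(SP_ACS_URL)}">'
        f'<input type="hidden" name="SAMLResponse" value="{html.escape(encoded)}"/>'
        f'<input type="hidden" name="RelayState" value="{html.escape(relay_state)}"/>'
        '</form><script>document.forms[0].submit()</script>'
    )


def browser_extract_fields(form_html):
    """Browser side: the fields it would POST to the form's action (the SP ACS, reachable by the browser)."""
    form = ET.fromstring(form_html.split("<script>")[0])  # the form element alone is well-formed XML
    return {inp.get("name"): inp.get("value") for inp in form.iter("input")}


def sp_consume(form_fields, expected_request_id, now):
    """SP side: decode the POSTed Response and apply the checks that make relay-by-browser safe.
    Returns the asserted NameID or raises ValueError. Signature verification is omitted here."""
    resp = ET.fromstring(base64.b64decode(form_fields["SAMLResponse"]))
    if resp.get("Destination") != SP_ACS_URL:
        raise ValueError("Destination does not match this ACS")
    if resp.get("InResponseTo") != expected_request_id:
        raise ValueError("unsolicited or replayed response")
    status = resp.find("samlp:Status/samlp:StatusCode", {"samlp": SAMLP}).get("Value")
    if not status.endswith(":Success"):
        raise ValueError(f"IdP returned {status}")
    assertion = resp.find("saml:Assertion", {"saml": SAML})
    cond = assertion.find("saml:Conditions", {"saml": SAML})
    if not (cond.get("NotBefore") <= _ts(now) < cond.get("NotOnOrAfter")):
        raise ValueError("assertion outside its validity window")
    audience = cond.find("saml:AudienceRestriction/saml:Audience", {"saml": SAML}).text
    if audience != SP_ENTITY_ID:
        raise ValueError("assertion issued for a different SP")
    return assertion.find("saml:Subject/saml:NameID", {"saml": SAML}).text


def sp_accepts(form_fields, expected_request_id, now):
    """Boolean view of sp_consume for quick checks."""
    try:
        sp_consume(form_fields, expected_request_id, now)
        return True
    except ValueError:
        return False


def simulate_post_binding(subject="alice@example.com", now=FIXED_NOW):
    """Full round trip. Every hop hands data to the browser; the IdP never contacts the SP host."""
    request_id = "_" + secrets.token_hex(16)  # constructed: ID the SP put in its AuthnRequest
    form_html = idp_post_form(idp_build_response(request_id, subject, now), relay_state="/portal")
    fields = browser_extract_fields(form_html)   # the browser carries this to SP_ACS_URL
    return sp_consume(fields, request_id, now)


if __name__ == "__main__":
    print("SP accepted subject:", simulate_post_binding())
```

The Destination and InResponseTo checks are what keep this binding safe even though the SP never speaks to the IdP directly: a Response captured for another ACS, or one that answers no outstanding request, is rejected at the SP regardless of which network the IdP sits on.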