https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25796 --- Comment #3 from David Cook <dcook@prosentient.com.au> --- Unless the Keycloak uses Koha as its backend user storage, I suppose that could circumvent a number of Koha business rules though. That would need to be checked. Hmm this is interesting: https://developers.google.com/identity/sign-in/web/backend-auth In that example, you get the id_token from your SSO IdP, and then you send it to your other backend server (eg. Koha), and then Koha can verify the token (at this point it can create a new user if one is missing, or it can validate an existing user). Then Koha could return whatever. Hmm needs more thought. -- You are receiving this mail because: You are watching all bug changes.