Hi Brenton, > I'd like to configure a Cyrus deployment to use an OpenID Connect Provider (Keycloak server) for authentication purposes. Interesting. Especially if you do it in such a way that it is not just usable for HTTP clients but also for, say, IMAP, SMTP and LDAP. I may be confusing OpenID versions here, but you are aware of the OPENID20 mechanism defined in RFC 6616? > I couldn't find any off-the-shelf / pre-existing connector. So I thought I'd write one, and make it available to the Community. Possibly related, we are working on an embedding of SASL in HTTP, https://datatracker.ietf.org/doc/html/draft-vanrein-diameter-sasl The intention here is to allow embedding any SASL mechanism in HTTP as in other protocols. I think OpenID defines its own ways but if it is like SAML and supports a variety of protocol embeddings than this could be helpful. > c) might be useful to others. It is always useful when SASL connectivity improves. Especially when the code is available to all. -Rick ------------------------------------------ Cyrus: SASL Permalink: https://cyrus.topicbox.com/groups/sasl/T507fc7ab05af3690-Mc3cc77b7f60ee314f60eb1ad Delivery options: https://cyrus.topicbox.com/groups/sasl/subscription
