This is a macOS Platform SSO Extension developed at the University of Oslo for use with Apple Platform Single Sign-on for macOS and a Keycloak IdP that has the Keycloak Platform Single Sign-on extension installed.
- Allows users with registered devices to log in to Keycloak without a password (when using the Secure Enclave authentication method).
- Due to design choices, when the IdP requires reauthentication and the AuthenticationMethod is "Password", the reauthentication process is handled entirely by Keycloak. When using Secure Enclave, a local reauthentication is used.
Compile this with Xcode and install it on your Mac. It requires a companion MDM profile.
More information about how to configure this extension for your own use can be found on the wiki page of this repo: https://github.com/unioslo/weblogin-mac-sso-extension/wiki
Thanks to Timothy Perfitt from Twocanoes for the inspiration provided with their tutorials and code regarding SSO Extensions. His tutorial code on how to build an SSO Extension was particularly useful for understanding a few concepts regarding how SSO Extensions work.