bayernID-Plugin for Keycloak/RH-SSO
Keycloak/RH-SSO plugin for connecting to BayernID.
Description
BayernID (a service provided by the AKDB on behalf of the Free State of Bavaria) is
a digital identity with which citizens and businesses, as well as organisations,
can use online administrative services. Its purpose is unambiguous online
identification, and it offers different authentication levels
(weak authentication by username and password, substantial
authentication via ELSTER, or high authentication via eID/nPA).
It also allows a transfer to other state accounts and to the Federal Government's user account.
Direct integration of specialist procedures (Fachverfahren) with BayernID is carried out via the SAML2 protocol.
Because directly integrating each specialist procedure server is cumbersome,
as certificates and metadata have to be exchanged for each one,
the City of Munich operates an intermediate identity provider
(IdP) based on the Keycloak software (or its largely identical
commercial counterpart, Red Hat Single Sign-On (RH-SSO)). This has the
advantage that the connected specialist procedures only need to
establish trust with this IdP, and that both OpenID Connect (OIDC)
and SAML2 are available as protocols.
However, connecting a Keycloak/RH-SSO to BayernID does not support
all of the required BayernID functionalities. For example, requesting
a minimum level of trust, or requesting explicit attributes, requires
intervening in the SAML2 request, which Keycloak/RH-SSO does not
support natively.
For this reason, the City of Munich developed a plugin as a
corresponding extension of Keycloak/RH-SSO. It makes it possible for the
connected specialist procedures to explicitly request the
desired minimum level of trust or specific attributes (by scope or individually),
both via OIDC and SAML2. In addition, the plugin allows user records to be
mapped unambiguously to the same record in Keycloak/RH-SSO so that,
for example, authorisation can be based on it.
Features
- Connection of the citizen account (Bürgerkonto)
- Explicit request for a minimum level of trust
- Explicit request for BayernID's additional authentication methods (e.g. FINK)
- Explicit request for individual attributes or groupings of attributes by scope (for both OIDC and SAML2)
- Specific data mappers
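As an added illustration of what "requesting a minimum level of trust" means at the SAML2 level (the description above and the feature list both refer to it), the following Python example is not part of the bayernID-Plugin or of Keycloak. It builds an AuthnRequest with a RequestedAuthnContext of Comparison="minimum" and then checks the AuthnContextClassRef that the IdP actually asserts in its response against the requested minimum. The trust-level URIs are constructed placeholders; the page names the three levels (username/password, ELSTER, eID/nPA) but not BayernID's real class-reference identifiers, and the sample response is constructed and unsigned. The point for an operator is that the request only asks for a level; the service provider still has to verify the asserted level on the way back, in addition to validating the assertion signature.

```python
"""Added example: request a minimum SAML2 authentication context and enforce
it on the response. Not part of the bayernID-Plugin; URIs are placeholders."""
from typing import Optional
import xml.etree.ElementTree as ET

NS_SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
NS_SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Ordered ladder of trust levels, weakest first. Placeholder URIs (assumption):
# the README names the levels but not BayernID's actual class-reference URIs.
TRUST_LEVELS = [
    "urn:example:bayernid:level:low",          # username and password
    "urn:example:bayernid:level:substantial",  # ELSTER
    "urn:example:bayernid:level:high",         # eID/nPA
]


def build_authn_request(request_id: str, issuer: str, acs_url: str, min_level: str) -> str:
    """Return a SAML2 AuthnRequest asking the IdP for at least `min_level`.

    Comparison="minimum" means: this level or any stronger one is acceptable.
    """
    if min_level not in TRUST_LEVELS:
        raise ValueError(f"unknown trust level: {min_level}")
    ET.register_namespace("samlp", NS_SAMLP)
    ET.register_namespace("saml", NS_SAML)
    req = ET.Element(f"{{{NS_SAMLP}}}AuthnRequest", {
        "ID": request_id,
        "Version": "2.0",
        "IssueInstant": "2024-01-01T00:00:00Z",  # constructed timestamp
        "AssertionConsumerServiceURL": acs_url,
        "ProtocolBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    })
    ET.SubElement(req, f"{{{NS_SAML}}}Issuer").text = issuer
    rac = ET.SubElement(req, f"{{{NS_SAMLP}}}RequestedAuthnContext", {"Comparison": "minimum"})
    ET.SubElement(rac, f"{{{NS_SAML}}}AuthnContextClassRef").text = min_level
    return ET.tostring(req, encoding="unicode")


def requested_minimum(authn_request_xml: str) -> Optional[str]:
    """Extract the requested minimum level from an AuthnRequest (None if absent)."""
    root = ET.fromstring(authn_request_xml)
    rac = root.find(f"{{{NS_SAMLP}}}RequestedAuthnContext")
    if rac is None or rac.get("Comparison", "exact") != "minimum":
        return None
    ref = rac.find(f"{{{NS_SAML}}}AuthnContextClassRef")
    return ref.text.strip() if ref is not None and ref.text else None


def level_satisfies(actual: str, required: str) -> bool:
    """True if `actual` is at least as strong as `required`; unknown levels fail closed."""
    if actual not in TRUST_LEVELS or required not in TRUST_LEVELS:
        return False
    return TRUST_LEVELS.index(actual) >= TRUST_LEVELS.index(required)


def response_meets_minimum(response_xml: str, required: str) -> bool:
    """Check the AuthnContextClassRef the IdP actually asserted.

    Assumes the Response/Assertion signature was already verified by the
    SAML stack; this check is in addition to, not instead of, that step.
    """
    root = ET.fromstring(response_xml)
    ref = root.find(
        f"{{{NS_SAML}}}Assertion/{{{NS_SAML}}}AuthnStatement/"
        f"{{{NS_SAML}}}AuthnContext/{{{NS_SAML}}}AuthnContextClassRef"
    )
    if ref is None or not ref.text:
        return False  # no asserted level: fail closed
    return level_satisfies(ref.text.strip(), required)


def make_sample_response(level: str) -> str:
    """Constructed, unsigned IdP response used only to exercise the checks."""
    return (
        f'<samlp:Response xmlns:samlp="{NS_SAMLP}" xmlns:saml="{NS_SAML}" ID="_r1" Version="2.0">'
        f'<saml:Assertion ID="_a1" Version="2.0"><saml:AuthnStatement>'
        f'<saml:AuthnContext><saml:AuthnContextClassRef>{level}</saml:AuthnContextClassRef>'
        f'</saml:AuthnContext></saml:AuthnStatement></saml:Assertion></samlp:Response>'
    )


if __name__ == "__main__":
    required = TRUST_LEVELS[1]  # "substantial", e.g. ELSTER
    print(build_authn_request("_req1", "https://sp.example.invalid",
                              "https://sp.example.invalid/acs", required))
    for lvl in TRUST_LEVELS:
        print(lvl, "->", response_meets_minimum(make_sample_response(lvl), required))
```

The ladder is ordered, so a response asserting "high" satisfies a request for "substantial", while "low" or an unrecognised class reference is rejected. When wiring this into a real service provider, the required level should come from the client's configuration rather than from anything the user can influence.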