[keycloak-dev] missing SingleSignOnService SOAP binding; ECP won't work

Pedro Igor Silva psilva at redhat.com
Wed Apr 20 08:22:04 EDT 2016 

Hi John,

   I've added the SOAP binding to the list of SingleSignOnService:

   <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:8080/auth/realms/saml-demo/protocol/saml"/>
   <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://localhost:8080/auth/realms/saml-demo/protocol/saml"/>
   <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://localhost:8080/auth/realms/saml-demo/protocol/saml"/>

Regards.
Pedro Igor   

----- Original Message -----
From: "Pedro Igor Silva" <psilva at redhat.com>
To: "John Dennis" <jdennis at redhat.com>
Cc: "keycloak-dev" <keycloak-dev at lists.jboss.org>, "Nathan Kinder" <nkinder at redhat.com>
Sent: Friday, April 15, 2016 1:47:14 PM
Subject: Re: [keycloak-dev] missing SingleSignOnService SOAP binding; ECP won't work

Btw, created https://issues.jboss.org/browse/KEYCLOAK-2835.

----- Original Message -----
From: "Pedro Igor Silva" <psilva at redhat.com>
To: "John Dennis" <jdennis at redhat.com>
Cc: "keycloak-dev" <keycloak-dev at lists.jboss.org>, "Nathan Kinder" <nkinder at redhat.com>
Sent: Friday, April 15, 2016 1:40:43 PM
Subject: Re: [keycloak-dev] missing SingleSignOnService SOAP binding; ECP won't work

Hi John,

    I think we never added SOAP to IdP metadata. I pretty sure we did all those ECP tests without it.

    In any case, I'm going to change IdP Metadata to advertise the SOAP binding.

Regards.
Pedro Igor

----- Original Message -----
From: "John Dennis" <jdennis at redhat.com>
To: "keycloak-dev" <keycloak-dev at lists.jboss.org>, "Nathan Kinder" <nkinder at redhat.com>, "Adam Young" <ayoung at redhat.com>
Sent: Friday, April 15, 2016 11:04:55 AM
Subject: [keycloak-dev] missing SingleSignOnService SOAP binding;	ECP won't work

Using keycloak-1.9.0.Final only the HTTP-POST and HTTP-Redirect bindings 
are advertised in the IdP Metadata for SingleSignOnService.

The SOAP SingleSignOnService was added when it was discovered to be 
missing in the 1.8 cycle, or so I thought. Did it get added in a 
different release or did it get lost somehow?

Anyway, it's really important. SAML ECP won't work unless you advertise 
support for it.


-- 
John
_______________________________________________
keycloak-dev mailing list
keycloak-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
_______________________________________________
keycloak-dev mailing list
keycloak-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
_______________________________________________
keycloak-dev mailing list
keycloak-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev

More information about the keycloak-dev mailing list