[keycloak-dev] Details on SAML Soap Binding support in Keycloak

Rashmi Singh singhrasster at gmail.com
Thu Dec 8 04:37:43 EST 2016


Thanks John. Can you please provide me the scripts you mentioned? I can get
started with that.

On 7 Dec 2016 10:18, "John Dennis" <jdennis at redhat.com> wrote:

> On 12/07/2016 07:21 AM, Rashmi Singh wrote:
>
>> We have a requirement to set up a SAML SP that sends a SOAP request to the
>> Keycloak IDP which returns the SOAP response to the SAML SP. We would like
>> to know if Keycloak supports this? We came across something called ECP
>> that probably provides this support but can't find details on how to
>> use/implement it. Could you provide us with some pointers on this?
>>
>
> Yes, Keycloak SOAP works; we use it in our environments to implement ECP.
>
>> Also, are there any sample SPs that we can use to send SOAP requests to
>> the IDP? If not, any pointers on how to set this all up?
>>
>
> ECP is its own client independent of the SP and IdP; it sits between the
> SP and IdP during the authentication flow. On the SP side the SP must know
> how to process a request from an ECP client. The IdP only needs to know how
> to process SOAP messages (which Keycloak does). The idea behind ECP is it is
> intended for non-browser clients which cannot perform the necessary
> redirects so instead the ECP client acts as a go-between shuttling messages
> between itself and the SP and between itself and the IdP. ECP transactions
> are relatively easy to implement. I have 2 scripts I use for testing ECP,
> one is a shell script and the other is a python script which uses the Lasso
> library (same library used by our mod_auth_mellon SP implementation, which
> also supports ECP). I can provide you with the scripts but they are meant
> for testing and would need some clean up for your environment. The
> Shibboleth SP also supports ECP but we do not support it (we only support
> mod_auth_mellon at the moment).
>
> If you could be more specific as to what the customer needs it would help
> focus the discussion.
>
>
>
> --
> John
>

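The go-between role described in the reply above, as an added example (not one of John's scripts and not Keycloak, Lasso or mod_auth_mellon code): it shows only the message handling an ECP client performs on each leg, with no HTTP. It assumes the SOAP 1.1, PAOS and ECP namespaces of the SAML 2.0 ECP profile; the function names, hosts, IDs and sample messages are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # prefer defusedxml when parsing untrusted XML

NS = {"S": "http://schemas.xmlsoap.org/soap/envelope/",
      "paos": "urn:liberty:paos:2003-08",
      "ecp": "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}
XMLNS = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

def _header_attr(env, path, attr):
    node = env.find("S:Header/" + path, NS)
    if node is None or node.get(attr) is None:
        raise ValueError("missing %s/@%s in SOAP header" % (path, attr))
    return node.get(attr)

def sp_to_idp(paos_xml):
    """SP -> ECP client -> IdP: remember the SP's PAOS state, forward only the Body."""
    env = ET.fromstring(paos_xml)
    ctx = {"consumer_url": _header_attr(env, "paos:Request", "responseConsumerURL"),
           "relay_state": env.find("S:Header/ecp:RelayState", NS)}
    env.remove(env.find("S:Header", NS))  # these headers are for the client, not the IdP
    return ET.tostring(env, encoding="unicode"), ctx

def idp_to_sp(idp_xml, ctx):
    """IdP -> ECP client -> SP: check the delivery URL, then re-wrap for the SP."""
    env = ET.fromstring(idp_xml)
    acs = _header_attr(env, "ecp:Response", "AssertionConsumerServiceURL")
    if acs != ctx["consumer_url"]:
        # The ECP profile has the client send the SP a SOAP fault here, not the response.
        raise ValueError("ACS URL mismatch: %r vs %r" % (acs, ctx["consumer_url"]))
    header = env.find("S:Header", NS)
    header.clear()  # drop the IdP's headers
    if ctx["relay_state"] is not None:
        header.append(ctx["relay_state"])  # echo the SP's RelayState back unchanged
    return acs, ET.tostring(env, encoding="unicode")

# Constructed sample messages (hypothetical hosts and IDs, not captured traffic).
SP_PAOS = ('<S:Envelope %s><S:Header>'
           '<paos:Request S:mustUnderstand="1" responseConsumerURL="https://sp.example.test/acs"/>'
           '<ecp:RelayState S:mustUnderstand="1">constructed-state</ecp:RelayState>'
           '</S:Header><S:Body><samlp:AuthnRequest ID="_c1" Version="2.0"/></S:Body>'
           '</S:Envelope>' % XMLNS)

def idp_reply(acs_url):
    return ('<S:Envelope %s><S:Header>'
            '<ecp:Response S:mustUnderstand="1" AssertionConsumerServiceURL="%s"/>'
            '</S:Header><S:Body><samlp:Response ID="_c2" Version="2.0"/></S:Body>'
            '</S:Envelope>' % (XMLNS, acs_url))
```

In a real client the first return value of `sp_to_idp` is POSTed to the IdP's SOAP endpoint with the user's credentials, and the second return value of `idp_to_sp` is POSTed to the returned URL with content type `application/vnd.paos+xml`.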
