[keycloak-dev] does keycloak 1.8 supports ECP profile on SP side?

Pedro Igor Silva psilva at redhat.com
Fri Jan 22 10:48:14 EST 2016 


Pedro Igor Craveiro e Silva
Agree with John. However, we do have some basic ECP profile on SP side, where you can obtain AuthnRequests using PAOS binding.

If you send a request to an SP using both Accept and PAOS headers accordingly with the specs, you should be able to obtain a AuthnRequest.

Regards.
Pedro Igor

----- Original Message -----
From: "John Dennis" <jdennis at redhat.com>
To: stian at redhat.com, "Arulkumar Ponnusamy" <parul.com at gmail.com>
Cc: "keycloak-dev" <keycloak-dev at lists.jboss.org>
Sent: Friday, January 22, 2016 1:22:02 PM
Subject: Re: [keycloak-dev] does keycloak 1.8 supports ECP profile on SP	side?

On 01/22/2016 03:52 AM, Stian Thorgersen wrote:
> No, at the moment we don't have any plans to support it at all. You
> should be able to find other SP libraries to use though.

If your SP is running inside Apache you can use mod_auth_mellon. We just 
finished successfully testing ECP between a mod_auth_mellon SP and 
Keycloak 1.8.0.CR1 (caveat, 1.8.0.CR1 had 1 minor issue with the media 
type which was promptly fixed by the KC team, 1.8.0 final should be fine).

The truth is an IdP such as KC doesn't need to do much to support ECP, 
most of the work for ECP is in the ECP client and the SP. So in addition 
to a working SP you'll need to make sure your ECP client plays well with 
others.

> On 22 January 2016 at 09:34, Arulkumar Ponnusamy <parul.com at gmail.com
> <mailto:parul.com at gmail.com>> wrote:
>
>     do you have any plan to implement it on SP side too on 1.9?
>
>
>     On Fri, Jan 22, 2016 at 1:35 PM, Stian Thorgersen
>     <sthorger at redhat.com <mailto:sthorger at redhat.com>> wrote:
>
>         Only IdP side
>
>         On 22 January 2016 at 05:47, Arulkumar Ponnusamy
>         <parul.com at gmail.com <mailto:parul.com at gmail.com>> wrote:
>
>             keycloak 1.8 CR release notes state, it supports SAML ECP
>             profile. want to know, is it on IDP side or it supports both
>             IDP and SP side?


-- 
John
_______________________________________________
keycloak-dev mailing list
keycloak-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev

More information about the keycloak-dev mailing list