[keycloak-dev] Issue with BrowserHandler using the saml2 adapter in wildfly 10
Daniel Schmidt
list-keycloak at ad-schmidt.de
Fri Oct 27 02:47:53 EDT 2017
Hi everybody,
I just started to use the SAML2-authentication-adapter of Keycloak in
Wildfly 10. I use it according to this documentation:
http://www.keycloak.org/docs/3.0/securing_apps/topics/saml/java/jboss-adapter/securing_wars.html
As it did not work, I debugged into the adapter code and narrowed the
problem down to
org.keycloak.adapters.saml.undertow.UndertowSamlAuthenticator.createBrowserHandler(HttpFacade,
SamlDeployment, SamlSessionStore) where a
org.keycloak.adapters.saml.profile.webbrowsersso.BrowserHandler is
instantiated.
This BrowserHandler always passes null as samlRequest, samlResponse and
relayState. When I create a
org.keycloak.adapters.saml.profile.webbrowsersso.WebBrowserSsoAuthenticationHandler
instead, the code works as expected.
Is this a bug in the BrowserHandler or am I missing some important
configuration option?
--
Another question on this topic:
The configuration with <secure-deployment >...</secure-deployment>
bypasses any existing <login-module> as far as I can see. Is this the case?
Is there any possibility to configure a custom login-module that could
authenticate a user before using the Keycloak authentication mechanism?
I would like to use the Keycloak authentication as a fallback only.
Thanks in advance,
Daniel Schmidt
More information about the keycloak-dev
mailing list