[keycloak-user] IDP SAMLV2.0 with Salesforce

Bill Burke bburke at redhat.com
Thu Apr 30 09:43:58 EDT 2015 

i have no idea.  Basically this error is stating that the login response 
saml document has no assertions within it.  If there are no assertions, 
then there has been no identity data sent.

I'm looking now, but can you send me a link on how to set up Salesforce 
as an IDP?  Is one able to set up a free account and such?

On 4/30/2015 9:25 AM, Henk Laracker wrote:
> Hi Bill,
>
> I don¹t know why I missed that, thanks! Salesforce respons know with the
> correct login page. After logging in in Salesforce, I¹m redirected to
> keycloak again with a internal error:
>
> Caused by: org.keycloak.broker.provider.IdentityBrokerException: Could not
> process response from SAML identity provider.
> 	at
> org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpo
> int.java:299)
> 	at
> org.keycloak.broker.saml.SAMLEndpoint$Binding.handleSamlResponse(SAMLEndpoi
> nt.java:343)
> 	at
> org.keycloak.broker.saml.SAMLEndpoint$Binding.execute(SAMLEndpoint.java:169
> )
> 	at
> org.keycloak.broker.saml.SAMLEndpoint.postBinding(SAMLEndpoint.java:117)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> [rt.jar:1.8.0_45]
> 	at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:6
> 2) [rt.jar:1.8.0_45]
> 	at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImp
> l.java:43) [rt.jar:1.8.0_45]
> 	at java.lang.reflect.Method.invoke(Method.java:497) [rt.jar:1.8.0_45]
> 	at
> org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:1
> 37) [resteasy-jaxrs-3.0.10.Final.jar:]
> 	at
> org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethod
> Invoker.java:296) [resteasy-jaxrs-3.0.10.Final.jar:]
> 	at
> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.
> java:250) [resteasy-jaxrs-3.0.10.Final.jar:]
> 	at
> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(Resourc
> eLocatorInvoker.java:140) [resteasy-jaxrs-3.0.10.Final.jar:]
> 	at
> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoke
> r.java:109) [resteasy-jaxrs-3.0.10.Final.jar:]
> 	at
> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(Resourc
> eLocatorInvoker.java:135) [resteasy-jaxrs-3.0.10.Final.jar:]
> 	at
> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoke
> r.java:103) [resteasy-jaxrs-3.0.10.Final.jar:]
> 	at
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.
> java:356) [resteasy-jaxrs-3.0.10.Final.jar:]
> 	... 39 more
> Caused by: org.keycloak.broker.provider.IdentityBrokerException: No
> assertion from response.
> 	at
> org.keycloak.broker.saml.SAMLEndpoint$Binding.getAssertion(SAMLEndpoint.jav
> a:309)
> 	at
> org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpo
> int.java:264)
> 	... 54 more
>
> Any idea?
>
> Henk
>
>
>
>
> On 30/04/15 14:31, "Bill Burke" <bburke at redhat.com> wrote:
>
>> You want to chain keycloak server to Salesforce?
>>
>> If you create a SAMLv2 IdentityProvider in keycloak that points to
>> Salesforce, you;ll see after you create it, an Export button.  Click
>> that.  That will create an entity descriptor with all the information
>> you need.
>>
>> On 4/30/2015 2:45 AM, Henk Laracker wrote:
>>> Hi,
>>>
>>> I like to use Salesforce as Identity Provider, the metadata provided by
>>> salesforce can be imported.
>>> But I need to specify the Service Provider in salesforce, I have to fill
>>> in a couple of fields, but two of them I don¹t understand (and are
>>> mandatory). Does someone have any clue
>>>
>>>   1. entity id , remark of salesforce : get this value from your
>>>      serviceprovider
>>>   2. ACS URL, remark of slaesforce : The assertion consumer service. Get
>>>      this value from your service provider.
>>>
>>> I have tried a lot of values but every-time I click the saml button on
>>> my app, it redirects to salesforce but I get a page with the error :
>>> Error: Unable to resolve request into a Service Provider
>>>
>>> Henk
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>
>> --
>> Bill Burke
>> JBoss, a division of Red Hat
>> http://bill.burkecentral.com
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

More information about the keycloak-user mailing list