[keycloak-user] Implementation of Keycloak (SAML) with Google Apps

Thomas Schweizer-Bolzonello thomas at schweizer.fr
Wed Nov 25 17:33:09 EST 2015


Hello Marek,

Thanks for pointing me to this resource. Very useful.
I'm now on these settings :

Client ID : googleapps
Name : My Test Saml
Enabled : On
Include AuthnStatement : On
Sign Assertions : On (RSA_SHA256, EXCLUSIVE)
Client Signature Required : On
Name ID Format : email
IDP Initiated SSO URL Name : googleapps
==
Assertion Consumer Service Redirect Binding URL :
https://www.google.com/a/mydomain.com/acs

When I'm accessing (manually or set via Google Admin console in SSO
settings) the following URL :
https://xyz/realms/myrealmname/protocol/saml/googleapps .. I'm facing
a totally blank page

Error in Wildfly log :
23:25:04,136 WARN  [org.jboss.resteasy.core.ExceptionHandler] (default
task-107) failed to execute: javax.ws.rs.NotFoundException: Could not
find resource for full path:
https://xyz/realms/myrealmname/protocol/saml/googleapps

Any idea ?

Thanks

Best regards,
Thomas

2015-11-25 11:51 GMT+01:00 Marek Posolda <mposolda at redhat.com>:
> A long time ago, I did the integration of picketlink with Google Apps, which
> is documented here:
> https://docs.jboss.org/author/display/PLINK/Picketlink+as+IDP,+Google+Apps+as+SP
> . Some steps might be outdated, but hopefully most of them are still
> applicable and can be (maybe with some tweaks) applied for Keycloak as well.
> Especially the part for configuring on Google side. I did not try it in
> practice with Keycloak yet, but I think that you may want to:
> - Use clientId like "google.com/a/yourdomain.com" for your client where
> yourdomain.com is your Google-Apps domain
> - Select "Sign assertions" so google-apps will verify the signature on
> assertion with the realm key you uploaded
>
> Other options can probably be kept at their defaults (not 100% sure, as I
> didn't try it myself yet)
>
> Marek
>
>
> On 25/11/15 10:42, Thomas Schweizer-Bolzonello wrote:
>
> Hello,
> Does someone have documentation on how to implement Keycloak with Google
> Apps ?
> I tried to implement a SAML client in a Keycloak realm but I'm lost
> with settings when creating one.
>
> Tried to use the official documentation and to search on the web but
> to no avail.
>
> If someone could point me to what settings to use in the SAML client I
> created, it would be great.
> I already took the key generated for the realm and uploaded it to Google
> Apps.
>
> Best regards,
> Thomas

