[keycloak-user] Implementation of Keycloak (SAML) with Google Apps

Stian Thorgersen sthorger at redhat.com
Thu Nov 26 02:42:59 EST 2015


Blank page with a 403?

The URL is missing '/auth/'. Unless you've changed the context-path
Keycloak is deployed to, the URL should be
https://xyz/auth/realms/myrealmname/protocol/saml/googleapps

On 25 November 2015 at 23:33, Thomas Schweizer-Bolzonello <
thomas at schweizer.fr> wrote:

> Hello Marek,
>
> Thanks for pointing me to this resource. Very useful.
> I'm now on these settings :
>
> Client ID : googleapps
> Name : My Test Saml
> Enabled : On
> Include AuthnStatement : On
> Sign Assertions : On (RSA_SHA256, EXCLUSIVE)
> Client Signature Required : On
> Name ID Format : email
> IDP Initiated SSO URL Name : googleapps
> ==
> Assertion Consumer Service Redirect Binding URL :
> https://www.google.com/a/mydomain.com/acs
>
> When I'm accessing (manually or set via Google Admin console in SSO
> settings) the following URL:
> https://xyz/realms/myrealmname/protocol/saml/googleapps .. I'm facing
> a totally blank page
>
> Error in Wildfly log :
> 23:25:04,136 WARN  [org.jboss.resteasy.core.ExceptionHandler] (default
> task-107) failed to execute: javax.ws.rs.NotFoundException: Could not
> find resource for full path:
> https://xyz/realms/myrealmname/protocol/saml/googleapps
>
> Any idea ?
>
> Thanks
>
> Best regards,
> Thomas
>
> 2015-11-25 11:51 GMT+01:00 Marek Posolda <mposolda at redhat.com>:
> > A long time ago, I did the integration of picketlink with Google Apps,
> > which is documented here:
> > https://docs.jboss.org/author/display/PLINK/Picketlink+as+IDP,+Google+Apps+as+SP
> > . Some steps might be outdated, but hopefully most of them are still
> > applicable and can be (maybe with some tweaks) applied for Keycloak as
> > well. Especially the part for configuring on Google side. I did not try it
> > in practice with Keycloak yet, but I think that you may want to:
> > - Use clientId like "google.com/a/yourdomain.com" for your client where
> > yourdomain.com is your Google-Apps domain
> > - Select "Sign assertions" so google-apps will verify the signature on
> > assertion with the realm key you uploaded
> >
> > Other options might be kept default probably (not sure at 100% as I
> > didn't try it myself yet)
> >
> > Marek
> >
> >
> > On 25/11/15 10:42, Thomas Schweizer-Bolzonello wrote:
> >
> > Hello,
> > Does someone have documentation on how to implement Keycloak with Google
> > Apps ?
> > I tried to implement a SAML client in a Keycloak realm but I'm lost
> > with settings when creating one.
> >
> > Tried to use the official documentation and to search on the web but
> > to no avail.
> >
> > If someone could point me to what settings to use in the SAML client I
> > created, it would be great.
> > I already took the key generated for the realm and uploaded it to Google
> > Apps.
> >
> > Best regards,
> > Thomas
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user