[keycloak-user] Implementation of Keycloak (SAML) with Google Apps

Thomas Schweizer-Bolzonello thomas at schweizer.fr
Thu Nov 26 03:10:52 EST 2015


Hello Stian,
Blank page with a 404

I removed /auth because I redeployed Keycloak on the root context with this:
http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e426

I tried to create a new realm but same problem: blank page + 404

The full error in the log is here:
https://gist.github.com/ThomasSchweizer/a1ce825bd245d5261250

Thomas

2015-11-26 8:42 GMT+01:00 Stian Thorgersen <sthorger at redhat.com>:
> Blank page with a 403?
>
> The URL is missing '/auth/'. Unless you've changed the context-path Keycloak
> is deployed to the url should be
> https://xyz/auth/realms/myrealmname/protocol/saml/googleapps
>
> On 25 November 2015 at 23:33, Thomas Schweizer-Bolzonello
> <thomas at schweizer.fr> wrote:
>>
>> Hello Marek,
>>
>> Thanks for pointing me to this resource. Very useful.
>> I'm now on these settings:
>>
>> Client ID : googleapps
>> Name : My Test Saml
>> Enabled : On
>> Include AuthnStatement : On
>> Sign Assertions : On (RSA_SHA256, EXCLUSIVE)
>> Client Signature Required : On
>> Name ID Format : email
>> IDP Initiated SSO URL Name : googleapps
>> ==
>> Assertion Consumer Service Redirect Binding URL :
>> https://www.google.com/a/mydomain.com/acs
>>
>> When I'm accessing (manually or set via Google Admin console in SSO
>> settings) the following URL :
>> https://xyz/realms/myrealmname/protocol/saml/googleapps .. I'm facing
>> a totally blank page
>>
>> Error in Wildfly log :
>> 23:25:04,136 WARN  [org.jboss.resteasy.core.ExceptionHandler] (default
>> task-107) failed to execute: javax.ws.rs.NotFoundException: Could not
>> find resource for full path:
>> https://xyz/realms/myrealmname/protocol/saml/googleapps
>>
>> Any idea ?
>>
>> Thanks
>>
>> Best regards,
>> Thomas
>>
>> 2015-11-25 11:51 GMT+01:00 Marek Posolda <mposolda at redhat.com>:
>> > A long time ago, I did the integration of picketlink with Google Apps,
>> > which is documented here:
>> >
>> > https://docs.jboss.org/author/display/PLINK/Picketlink+as+IDP,+Google+Apps+as+SP
>> > . Some steps might be outdated, but hopefully most of them are still
>> > applicable and can be (maybe with some tweaks) applied for Keycloak as
>> > well.
>> > Especially the part for configuring on Google side. I did not try it in
>> > practice with Keycloak yet, but I think that you may want to:
>> > - Use clientId like "google.com/a/yourdomain.com" for your client where
>> > yourdomain.com is your Google-Apps domain
>> > - Select "Sign assertions" so google-apps will verify the signature on
>> > assertion with the realm key you uploaded
>> >
>> > Other options might be kept default probably (not 100% sure as I
>> > didn't try it myself yet)
>> >
>> > Marek
>> >
>> >
>> > On 25/11/15 10:42, Thomas Schweizer-Bolzonello wrote:
>> >
>> > Hello,
>> > Does someone have documentation on how to implement Keycloak with Google
>> > Apps ?
>> > I tried to implement a SAML client in a Keycloak realm but I'm lost
>> > with settings when creating one.
>> >
>> > Tried to use the official documentation and to search on the web but
>> > to no avail.
>> >
>> > If someone could point me to what settings to use in the SAML client I
>> > created, it would be great.
>> > I already took the key generated for the realm and uploaded it to Google
>> > Apps.
>> >
>> > Best regards,
>> > Thomas
>> > _______________________________________________
>> > keycloak-user mailing list
>> > keycloak-user at lists.jboss.org
>> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>> >
>> >
>
>

