[keycloak-user] Implementation of Keycloak (SAML) with Google Apps

Stian Thorgersen sthorger at redhat.com
Thu Nov 26 03:22:23 EST 2015


Try "https://xyz/realms/myrealmname/protocol/saml", dropping
"googleapps"

On 26 November 2015 at 09:10, Thomas Schweizer-Bolzonello <
thomas at schweizer.fr> wrote:

> Hello Stian,
> Blank page with a 404
>
> I removed /auth because I redeployed Keycloak on root context with this:
>
> http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e426
>
> I tried to create a new realm but same problem: blank page + 404
>
> Full error in log is here:
> https://gist.github.com/ThomasSchweizer/a1ce825bd245d5261250
>
> Thomas
>
> 2015-11-26 8:42 GMT+01:00 Stian Thorgersen <sthorger at redhat.com>:
> > Blank page with a 403?
> >
> > The URL is missing '/auth/'. Unless you've changed the context-path
> > Keycloak is deployed to, the URL should be
> > https://xyz/auth/realms/myrealmname/protocol/saml/googleapps
> >
> > On 25 November 2015 at 23:33, Thomas Schweizer-Bolzonello
> > <thomas at schweizer.fr> wrote:
> >>
> >> Hello Marek,
> >>
> >> Thanks for pointing me to this resource. Very useful.
> >> I'm now on these settings:
> >>
> >> Client ID : googleapps
> >> Name : My Test Saml
> >> Enabled : On
> >> Include AuthnStatement : On
> >> Sign Assertions : On (RSA_SHA256, EXCLUSIVE)
> >> Client Signature Required : On
> >> Name ID Format : email
> >> IDP Initiated SSO URL Name : googleapps
> >> ==
> >> Assertion Consumer Service Redirect Binding URL :
> >> https://www.google.com/a/mydomain.com/acs
> >>
> >> When I'm accessing (manually or set via Google Admin console in SSO
> >> settings) the following URL:
> >> https://xyz/realms/myrealmname/protocol/saml/googleapps ... I'm facing
> >> a totally blank page
> >>
> >> Error in Wildfly log:
> >> 23:25:04,136 WARN  [org.jboss.resteasy.core.ExceptionHandler] (default
> >> task-107) failed to execute: javax.ws.rs.NotFoundException: Could not
> >> find resource for full path:
> >> https://xyz/realms/myrealmname/protocol/saml/googleapps
> >>
> >> Any idea?
> >>
> >> Thanks
> >>
> >> Best regards,
> >> Thomas
> >>
> >> 2015-11-25 11:51 GMT+01:00 Marek Posolda <mposolda at redhat.com>:
> >> > A long time ago, I did the integration of picketlink with Google Apps,
> >> > which is documented here:
> >> >
> >> > https://docs.jboss.org/author/display/PLINK/Picketlink+as+IDP,+Google+Apps+as+SP
> >> >
> >> > Some steps might be outdated, but hopefully most of them are still
> >> > applicable and can be (maybe with some tweaks) applied to Keycloak as
> >> > well.
> >> > Especially the part for configuring on the Google side. I did not try it
> >> > in practice with Keycloak yet, but I think that you may want to:
> >> > - Use clientId like "google.com/a/yourdomain.com" for your client, where
> >> > yourdomain.com is your Google-Apps domain
> >> > - Select "Sign assertions" so google-apps will verify the signature on
> >> > assertion with the realm key you uploaded
> >> >
> >> > Other options can probably be kept default (not 100% sure, as I
> >> > didn't try it myself yet)
> >> >
> >> > Marek
> >> >
> >> >
> >> > On 25/11/15 10:42, Thomas Schweizer-Bolzonello wrote:
> >> >
> >> > Hello,
> >> > Does someone have documentation on how to implement Keycloak with
> >> > Google Apps?
> >> > I tried to implement a SAML client in a Keycloak realm but I'm lost
> >> > with settings when creating one.
> >> >
> >> > Tried to use the official documentation and to search on the web but
> >> > to no avail.
> >> >
> >> > If someone could point me to what settings to use in the SAML client I
> >> > created, it would be great.
> >> > I already took the key generated for the realm and uploaded it to
> >> > Google Apps.
> >> >
> >> > Best regards,
> >> > Thomas
> >> > _______________________________________________
> >> > keycloak-user mailing list
> >> > keycloak-user at lists.jboss.org
> >> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >> >
> >> >
> >
> >
>
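
An added example, not part of the thread and not Keycloak code: a check of a configured sign-in URL against the endpoint shape the replies above describe (context path, then `realms/<realm>/protocol/saml`). The function names are hypothetical, the expected shape is taken only from those replies, and the sample URLs are the ones quoted in the thread.

```python
from urllib.parse import urlsplit


def expected_saml_endpoint(base, realm, context_path="/auth"):
    """Build <base><context>/realms/<realm>/protocol/saml as described in the replies."""
    ctx = context_path.strip("/")
    ctx = "/" + ctx if ctx else ""          # "" means deployed on the root context
    return f"{base.rstrip('/')}{ctx}/realms/{realm}/protocol/saml"


def diagnose(url, realm, context_path="/auth"):
    """Return a list of deviations of `url` from the expected endpoint shape."""
    problems = []
    parts = [p for p in urlsplit(url).path.split("/") if p]
    ctx = [p for p in context_path.split("/") if p]
    if parts[:len(ctx)] != ctx:
        problems.append(f"missing context path '/{'/'.join(ctx)}'")
        rest = parts                         # keep checking the remainder anyway
    else:
        rest = parts[len(ctx):]
    want = ["realms", realm, "protocol", "saml"]
    if rest[:4] != want:
        problems.append("path does not match realms/<realm>/protocol/saml")
    elif len(rest) > 4:
        # Flagged because the last reply suggests dropping the trailing name.
        problems.append(f"extra trailing segment(s): {'/'.join(rest[4:])}")
    return problems


if __name__ == "__main__":
    url = "https://xyz/realms/myrealmname/protocol/saml/googleapps"
    # Default deployment: context path is /auth.
    print(diagnose(url, "myrealmname", "/auth"))
    # Redeployed on the root context, as the poster did.
    print(diagnose(url, "myrealmname", ""))
    print(expected_saml_endpoint("https://xyz", "myrealmname", ""))
```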