[keycloak-user] Keycloak and Salesforce IdP identity brokering

[Peter Nalyvayko]

Hello,
I am trying to integrate keycloak and Salesforce using Salesforce as an identity provider. It seems some of the information required to properly set up the Salesforce as SAML IdP is  missing in the keycloak's SAML identity provider configuration. For example, "Entity Id", according to the Salesforce documentation, is "This value comes from the service provider. Each entity ID in an organization must be unique. If you’re accessing multiple apps from your service provider, you only need to define the service provider once, and then use the RelayState parameter to append the URL values to direct the user to the correct app after signing in." (https://help.salesforce.com/HTViewHelpDoc?id=service_provider_define.htm&language=en_US). The SAML identity provider configuration in keycloak does not have a setting to specify "Entity Id". Another missing attribute is "ACS URL" (The ACS, or assertion consumer service, URL comes from the SAML service provider.). Has anyone been able to set up Salesforce as IdP and keycloak as SP using keycloak's SAML identity provider? Is this even possible given that some required parameters are missing?ThxPeter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160630/52932f49/attachment.html