[keycloak-user] IDP Initiated Login

Bill Burke bburke at redhat.com
Wed Feb 22 21:10:02 EST 2017


OIDC/OAuth doesn't have an IDP initiated protocol.  You'll have to 
create a URL somewhere that links to your app which will then redirect 
to Keycloak.


On 2/22/17 8:23 PM, John D. Ament wrote:
> Looks like I answered half of my question -
> https://issues.jboss.org/browse/KEYCLOAK-4454
>
> Seems like it will only work if I'm using SAML.
>
> John
>
> On Wed, Feb 22, 2017 at 5:18 PM John D. Ament <john.d.ament at gmail.com>
> wrote:
>
>> Changing the subject to be a bit clearer about the problems.
>>
>> I think I'm understanding a bit further.  When reading through
>> https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/clients/saml/idp-initiated-login.html
>>
>> - It seems like my application has to be SAML.  I cannot do an OIDC based
>> solution.
>> - First thing I have to do is add IDP Initiated SSO URL Name to my
>> application.
>> - The confusing part is about if my application requires... this seems a
>> bit odd, since I'm using the Keycloak adapter but sure.
>> - The part that's missing is what gets set up in the actual broker.  You
>> mention IDP Initiated SSO URL Name but I don't see that field in IDPs.  In
>> general these look like Keycloak specific parameters.
>>
>> Any thoughts?
>>
>> John
>>
>> On Mon, Feb 20, 2017 at 7:18 AM John D. Ament <john.d.ament at gmail.com>
>> wrote:
>>
>> Ok, so I was able to get SP initiated working fine.  I had only tried IDP
>> when I sent this mail out.
>>
>> I'm going through this doc, and it's not clear to me in a few areas:
>> https://keycloak.gitbooks.io/server-adminstration-guide/content/topics/clients/saml/idp-initiated-login.html
>>
>> - I have my application (the SP) and the SAML IDP (Okta in this case).  I
>> have a link on the Okta portal to log in automatically to my SP.
>> - I think the webpage is saying that this only works if I'm using the SAML
>> connector for keycloak, is that accurate?
>> - All of my Okta settings are from getting SP initiated working.  Do any
>> of those need to change?
>> - Do I in fact set up Okta as a SAML client in Keycloak?
>>
>> John
>>
>>
>> On Sun, Feb 19, 2017 at 8:47 PM John D. Ament <john.d.ament at gmail.com>
>> wrote:
>>
>> Hi
>>
>> Just wondering, has anyone set up Keycloak w/ Okta?  Every time I try to
>> authenticate (both SP initiated and IdP initiated) it fails with this error
>>
>> 01:40:54,626 WARN  [org.keycloak.events] (default task-7)
>> type=IDENTITY_PROVIDER_LOGIN_ERROR, realmId=tenant1, clientId=null,
>> userId=null, ipAddress=172.17.0.1, error=staleCodeMessage
>> 01:40:54,627 ERROR [org.keycloak.services.resources.IdentityBrokerService]
>> (default task-7) staleCodeMessage
>>
>> I suspect it's a setup issue on my side, so was hoping someone else has
>> tried this and can give tips.  I even tried the import feature, no luck.
>>
>> John
>>
>>



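Added example, not part of the thread and not Keycloak or adapter code: a sketch of the "URL that links to your app which will then redirect to Keycloak" approach from the reply above, written as two framework-neutral handlers. The launch handler starts an ordinary app-initiated authorization code request with fresh `state` and `nonce`, and the callback handler rejects any response that does not match a login this session started. The host names, client ID, callback path and landing pages are assumptions; `tenant1` is the realm name from the log excerpt in the thread.

```python
import hmac
import secrets
from urllib.parse import urlencode

# Assumed deployment values; only the realm name appears in the thread (its log excerpt).
KEYCLOAK_BASE = "https://keycloak.example.com/auth"     # placeholder host
REALM = "tenant1"
CLIENT_ID = "my-app"                                     # hypothetical client
REDIRECT_URI = "https://app.example.com/oidc/callback"   # hypothetical callback
ALLOWED_TARGETS = {"/", "/dashboard", "/reports"}        # hypothetical landing pages


def start_login(session, target="/"):
    """Launch URL handler (the link placed on the portal points here).

    Stores per-login state in the server-side session and returns the
    Keycloak authorization URL to send as a 302 Location.
    """
    if target not in ALLOWED_TARGETS:   # the launch link must not become an open redirect
        target = "/"
    state = secrets.token_urlsafe(32)   # binds the response to this browser session
    nonce = secrets.token_urlsafe(32)   # later compared with the ID token's nonce claim
    session["oidc"] = {"state": state, "nonce": nonce, "target": target}
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid",
        "state": state,
        "nonce": nonce,
    }
    return (f"{KEYCLOAK_BASE}/realms/{REALM}/protocol/openid-connect/auth?"
            + urlencode(params))


def finish_login(session, query):
    """Callback handler: returns (code, expected_nonce, target) or raises."""
    pending = session.pop("oidc", None)  # single use: a replayed callback finds nothing
    if pending is None:
        raise PermissionError("unsolicited response: no login in progress")
    got = query.get("state", "")
    if not hmac.compare_digest(pending["state"].encode(), got.encode()):
        raise PermissionError("state mismatch")
    if "code" not in query:
        raise PermissionError(query.get("error", "missing code"))
    return query["code"], pending["nonce"], pending["target"]
```

The returned code still has to be exchanged at the token endpoint, and the ID token's `nonce` claim compared with the value returned here before the user is treated as logged in.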