[keycloak-user] Unable to make quickstart app-profile-saml-jee-jsp work

Kevin Cuijpers Kevin.Cuijpers at mips.be
Fri Jul 14 11:00:46 EDT 2017


Hello,

I am trying to see if we can use Keycloak to secure and make our current APIs available through SAML.
We are running our application on Tomcat 8.5.8.
I downloaded keycloak-3.2.0.Final and saml-tomcat8-adapter.
I was following the instructions described in quickstarts app-profile-saml-jee-jsp and applying it to our application.
However, I am not able to select Client Protocol: saml. I can only choose openid-connect.
In Identity Providers I tried to configure my own saml Identity Provider and use that in my setup, but when I try to access the secured resource I get the following error:
org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage No login page was defined for FORM authentication in context

I found a post of an older similar issue and it said it should be fixed in a new version:
http://lists.jboss.org/pipermail/keycloak-user/2016-November/008383.html

It points to https://issues.jboss.org/browse/KEYCLOAK-3669?filter=-2 but I can't find the issue.

The following things I have been trying to figure out but without success. Could you please help me clarify the following questions or point me in the right direction to make it work?

- When I create a new realm I can only select Endpoints: OpenID Endpoint Configuration. I was expecting to also be able to select SAML 2.0 here or saml as described in the example.

- When I add Client, I only have Client Protocol openid-connect. If I want to add a new Identity Provider I need to add Single Sign-On Service URL: The url that must be used to send authentication requests (SAML AuthnRequest). I don't want to implement the Identity Provider. I was looking for a way to retrieve valid SAML tickets and specify what keys of the user are sent in that ticket. I would like this to be sent to a url inside my web app.

From the description of app-profile-saml-jee-jsp I thought this is what I should be able to do but can't seem to figure it out.

Best regards,

Kevin

