[keycloak-user] For tomcat SAML adapter, is /saml required in URL?

ken edward kedward777 at gmail.com
Mon Jun 12 15:52:49 EDT 2017


Hello,

I am implementing the tomcat SAML adapter with the IdP being ADFS.

QUESTION:
1.) I see the below reference in the doc that seems to say the /saml
needs to be appended to the URL of the SP? Or is this only for the
servlet adapter and NOT the tomcat adapter that may have servlets?

"For each servlet-based adapter, the endpoint you register for the
assert consumer service URL and single logout service must be the
base URL of your servlet application with /saml appended to it, that
is, https://example.com/contextPath/saml."

as in the below ???


    <SP entityID="http://localhost:8081/sales-post-sig/saml"
        sslPolicy="EXTERNAL"
        nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
        logoutPage="/saml/logout.jsp"
        forceAuthentication="false"
        isPassive="false"
        turnOffChangeSessionIdOnLogin="false">
        <Keys>
            <Key signing="true" >
                <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
                    <PrivateKey alias="http://localhost:8080/sales-post-sig/" password="test123"/>
                    <Certificate alias="http://localhost:8080/sales-post-sig/"/>
                </KeyStore>
            </Key>
        </Keys>

Ken

