[keycloak-user] Fwd: What should the endpoint be for a Keycloak IDP initiated SSO?
Hynek Mlnarik
hmlnarik at redhat.com
Mon Oct 2 06:54:00 EDT 2017
You cannot use saml-broker-authentication demo application for this
purpose since it is an OIDC application, and IDP-initiated SSO is not
supported in OIDC. The saml-broker-authentication example shows how to
broker a SAML IdP - SAML is used for communication between the
brokering IdP and brokered IdP. If you want to use IDP-initiated SSO,
you need a SAML client. In that client's configuration, you would get
the IDP Initiated SSO URL Name field to fill in.
On Mon, Oct 2, 2017 at 12:33 PM, Alik Elzin <kilaka at gmail.com> wrote:
> Than you Hynek,
> I still don't understand how to build the URL.
> Can you give an example of a full filled URL?
> Do you have a specific URL for the saml-broker-authentication example?
> Thanks.
>
>
> On Mon, Oct 2, 2017 at 9:31 AM, Hynek Mlnarik <hmlnarik at redhat.com> wrote:
>>
>> See
>> http://www.keycloak.org/docs/latest/server_admin/topics/clients/saml/idp-initiated-login.html:
>>
>> In the Settings tab for your client, you need to specify the IDP
>> Initiated SSO URL Name. This is a simple string with no whitespace in
>> it. After this you can reference your client at the following URL:
>> root/auth/realms/{realm}/protocol/saml/clients/{url-name}
>>
>> --Hynek
>>
>>
>> On Mon, Oct 2, 2017 at 7:01 AM, Alik Elzin <kilaka at gmail.com> wrote:
>> > Hi.
>> >
>> > I managed to run the saml-broker-authentication example
>> >
>> > <https://github.com/keycloak/keycloak/tree/3.2.1.Final/examples/broker/saml-broker-authentication>
>> > .
>> >
>> > SP initiated SSO works OK.
>> >
>> > What should the IDP initiated SSO URL be?
>> >
>> > * I also posted the question in SO:
>> >
>> > https://stackoverflow.com/questions/46423301/what-should-the-endpoint-be-for-a-keycloak-idp-initiated-sso
>> >
>> > Thanks.
>> > _______________________________________________
>> > keycloak-user mailing list
>> > keycloak-user at lists.jboss.org
>> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>>
>>
>> --
>>
>> --Hynek
>>
>>
>> --
>>
>> --Hynek
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
--
--Hynek
More information about the keycloak-user
mailing list