[keycloak-user] Fwd: What should the endpoint be for a Keycloak IDP initiated SSO?

Alik Elzin kilaka at gmail.com
Mon Oct 2 07:09:07 EDT 2017


Do you know of a Keycloak example that supports idp-initiated sso?

On Mon, Oct 2, 2017 at 1:54 PM, Hynek Mlnarik <hmlnarik at redhat.com> wrote:

> You cannot use saml-broker-authentication demo application for this
> purpose since it is an OIDC application, and IDP-initiated SSO is not
> supported in OIDC. The saml-broker-authentication example shows how to
> broker a SAML IdP - SAML is used for communication between the
> brokering IdP and brokered IdP. If you want to use IDP-initiated SSO,
> you need a SAML client. In that client's configuration, you would get
> the IDP Initiated SSO URL Name field to fill in.
>
> On Mon, Oct 2, 2017 at 12:33 PM, Alik Elzin <kilaka at gmail.com> wrote:
> > Thank you Hynek,
> > I still don't understand how to build the URL.
> > Can you give an example of a fully filled-in URL?
> > Do you have a specific URL for the saml-broker-authentication example?
> > Thanks.
> >
> >
> > On Mon, Oct 2, 2017 at 9:31 AM, Hynek Mlnarik <hmlnarik at redhat.com> wrote:
> >>
> >> See
> >> http://www.keycloak.org/docs/latest/server_admin/topics/clients/saml/idp-initiated-login.html:
> >>
> >> In the Settings tab for your client, you need to specify the IDP
> >> Initiated SSO URL Name. This is a simple string with no whitespace in
> >> it. After this you can reference your client at the following URL:
> >> root/auth/realms/{realm}/protocol/saml/clients/{url-name}
> >>
> >> --Hynek
> >>
> >>
> >> On Mon, Oct 2, 2017 at 7:01 AM, Alik Elzin <kilaka at gmail.com> wrote:
> >> > Hi.
> >> >
> >> > I managed to run the saml-broker-authentication example
> >> >
> >> > <https://github.com/keycloak/keycloak/tree/3.2.1.Final/examples/broker/saml-broker-authentication>
> >> > .
> >> >
> >> > SP initiated SSO works OK.
> >> >
> >> > What should the IDP initiated SSO URL be?
> >> >
> >> > * I also posted the question in SO:
> >> >
> >> > https://stackoverflow.com/questions/46423301/what-should-the-endpoint-be-for-a-keycloak-idp-initiated-sso
> >> >
> >> > Thanks.
> >> > _______________________________________________
> >> > keycloak-user mailing list
> >> > keycloak-user at lists.jboss.org
> >> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >>
> >>
> >>
> >> --
> >>
> >> --Hynek
> >>
> >
> >
>
>
>
> --
>
> --Hynek
>

