[keycloak-user] Fwd: What should the endpoint be for a Keycloak IDP initiated SSO?

Hynek Mlnarik hmlnarik at redhat.com
Mon Oct 2 07:40:09 EDT 2017


Any SAML application, e.g.
https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-profile-saml-jee-jsp.


--Hynek

On Mon, Oct 2, 2017 at 1:09 PM, Alik Elzin <kilaka at gmail.com> wrote:
> Do you know of a Keycloak example that supports idp-initiated sso?
>
> On Mon, Oct 2, 2017 at 1:54 PM, Hynek Mlnarik <hmlnarik at redhat.com> wrote:
>>
>> You cannot use saml-broker-authentication demo application for this
>> purpose since it is an OIDC application, and IDP-initiated SSO is not
>> supported in OIDC. The saml-broker-authentication example shows how to
>> broker a SAML IdP - SAML is used for communication between the
>> brokering IdP and brokered IdP. If you want to use IDP-initiated SSO,
>> you need a SAML client. In that client's configuration, you would get
>> the IDP Initiated SSO URL Name field to fill in.
>>
>> On Mon, Oct 2, 2017 at 12:33 PM, Alik Elzin <kilaka at gmail.com> wrote:
>> > Thank you Hynek,
>> > I still don't understand how to build the URL.
>> > Can you give an example of a full filled URL?
>> > Do you have a specific URL for the saml-broker-authentication example?
>> > Thanks.
>> >
>> >
>> > On Mon, Oct 2, 2017 at 9:31 AM, Hynek Mlnarik <hmlnarik at redhat.com>
>> > wrote:
>> >>
>> >> See
>> >>
>> >> http://www.keycloak.org/docs/latest/server_admin/topics/clients/saml/idp-initiated-login.html:
>> >>
>> >> In the Settings tab for your client, you need to specify the IDP
>> >> Initiated SSO URL Name. This is a simple string with no whitespace in
>> >> it. After this you can reference your client at the following URL:
>> >> root/auth/realms/{realm}/protocol/saml/clients/{url-name}
>> >>
>> >> --Hynek
>> >>
>> >>
>> >> On Mon, Oct 2, 2017 at 7:01 AM, Alik Elzin <kilaka at gmail.com> wrote:
>> >> > Hi.
>> >> >
>> >> > I managed to run the saml-broker-authentication example
>> >> > <https://github.com/keycloak/keycloak/tree/3.2.1.Final/examples/broker/saml-broker-authentication>.
>> >> >
>> >> > SP initiated SSO works OK.
>> >> >
>> >> > What should the IDP initiated SSO URL be?
>> >> >
>> >> > * I also posted the question in SO:
>> >> >
>> >> >
>> >> > https://stackoverflow.com/questions/46423301/what-should-the-endpoint-be-for-a-keycloak-idp-initiated-sso
>> >> >
>> >> > Thanks.
>> >> > _______________________________________________
>> >> > keycloak-user mailing list
>> >> > keycloak-user at lists.jboss.org
>> >> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>> >>
>> >>
>> >>
>> >
>> >
>>
>>
>>
>> --
>>
>> --Hynek
>
>



-- 

--Hynek
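
A filled-in version of the URL template quoted in the thread, as an added example that is not part of the original messages or of Keycloak's own code. The host `sso.example.com`, the realm `demo` and the URL name `sales-app` are constructed sample values, and the function names are hypothetical.

```python
import re
from urllib.parse import quote, unquote, urlsplit

# Path template quoted in the thread: root/auth/realms/{realm}/protocol/saml/clients/{url-name}
TEMPLATE = "{root}/auth/realms/{realm}/protocol/saml/clients/{url_name}"
PATH_RE = re.compile(r"/auth/realms/([^/]+)/protocol/saml/clients/([^/]+)$")


def idp_initiated_sso_url(root, realm, url_name, protocol="saml"):
    """Build the IdP-initiated SSO URL, rejecting inputs the thread rules out."""
    # The thread states IDP-initiated SSO is not supported for OIDC clients.
    if protocol != "saml":
        raise ValueError("IDP-initiated SSO needs a SAML client, got %r" % protocol)
    # "IDP Initiated SSO URL Name" is a simple string with no whitespace.
    if not url_name or re.search(r"\s", url_name):
        raise ValueError("URL name must be non-empty and contain no whitespace")
    if not realm:
        raise ValueError("realm is required")
    parts = urlsplit(root)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("root must be an absolute http(s) URL")
    return TEMPLATE.format(
        root=root.rstrip("/"),
        realm=quote(realm, safe=""),        # percent-encode each path segment
        url_name=quote(url_name, safe=""),
    )


def parse_idp_initiated_sso_url(url):
    """Return (realm, url_name) if the URL path matches the template, else None."""
    match = PATH_RE.search(urlsplit(url).path)
    if match is None:
        return None
    return unquote(match.group(1)), unquote(match.group(2))


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    url = idp_initiated_sso_url("https://sso.example.com/", "demo", "sales-app")
    print(url)
    print(parse_idp_initiated_sso_url(url))
    for bad in ({"url_name": "sales app"}, {"url_name": "x", "protocol": "openid-connect"}):
        try:
            idp_initiated_sso_url("https://sso.example.com", "demo", **bad)
        except ValueError as err:
            print("rejected:", err)
```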