[keycloak-user] SSO in web and desktop application

Luis Rodríguez Fernández uo67113 at gmail.com
Fri Apr 6 03:28:59 EDT 2018


Hello Emmanuele,


If the client-server app is a browser, it should be able to make the SAML
authentication request to your IdP and consume the SAMLResponse from your
IdP [1]. For this you can use the SAML Java Servlet Filter Adapter [2].

Perhaps I am missing something, sorry...

Hope it helps,

Luis

[1] http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0-cd-02.html#5.1.2.SP-Initiated%20SSO:%20%20Redirect/POST%20Bindings|outline
[2] http://www.keycloak.org/docs/latest/securing_apps/index.html#java-servlet-filter-adapter







2018-04-05 19:14 GMT+02:00 Emanuele Gesuato <Emanuele.Gesuato at finantix.com>:

> Hi Subodh,
>
> it is what I thought, but it looks like the REST API is available only for
> OpenID, not for the SAML protocol.
>
> To retrieve an access token I need to set the access type to "public" or
> "confidential", but that option is available only for OpenID clients.
>
> When I try to run
>  curl -d "client_id=admin_client" -d "username=admin" \
>    -d "password=password" -d "grant_type=password" \
>    "http://<host>:<port>/auth/realms/master/protocol/openid-connect/token"
>
> I got an error ("admin_client" is a SAML client):
> {"error":"unauthorized_client","error_description":"Client secret not provided in request"}
>
> but:
> 1. access type can be changed to "public" or "confidential" only for
> OpenID clients.
> 2. client secret cannot be generated for SAML clients.
>
>
> Am I missing something?
> many thanks for any help,
> Emanuele
>
>
>
>
>
>
> From:   Subodh Joshi <subodhcjoshi82 at gmail.com>
> To:     Emanuele Gesuato <Emanuele.Gesuato at finantix.com>
> Cc:     keycloak-user <keycloak-user at lists.jboss.org>
> Date:   05/04/2018 17:35
> Subject:        Re: [keycloak-user] SSO in web and desktop application
> Sent by:        keycloak-user-bounces at lists.jboss.org
>
>
>
> I don't know if I can understand it clearly but is this not possible
> through keycloak rest-api ?
>
> On Thu, 5 Apr 2018, 19:38 Emanuele Gesuato,
> <Emanuele.Gesuato at finantix.com>
> wrote:
>
> > Sorry for previous messages, not sure what happened
> > ******
> > Hi everyone,
> >
> > we are using the Tomcat 7 adapter of Keycloak 3.4.3 (SAML). We also managed
> > to install the server-side part and to integrate Keycloak with our web
> > application. Now when a user accesses siteA he is correctly redirected to
> > the Keycloak login page, and after login he is redirected to the
> > application itself. It is working fine.
> >
> > Problem is the following. We are not trying to integrate SSO in the
> > following way:
> > 1. User opens browser and goes to our siteA
> > 2. User logs in correctly
> > 3. On the user's desktop there is a client-server application of ours,
> > developed in Java, and our goal is to have the user logged in
> > automatically because we are sharing the same set of users. Moreover,
> > siteA and the server-side application are different clients in the same
> > realm.
> >
> > The client-server application is basically a web application, where the
> > client part is a "custom" browser that restricts the user to only some
> > operations. The browser widget is a custom one, but we can change it if
> > required.
> >
> > Is it possible to do such a thing? How?
> >
> > I think we need to "share" something between the request of siteA and the
> > application itself.
> > I tried to share the JSESSIONID but it was not working; after
> > investigation I found that JSESSIONID is not useful for my purpose.
> >
> > I hope to have explained my issue clearly,
> > thanks for any help
> >
> >
> >
> > From:   "Emanuele Gesuato" <Emanuele.Gesuato at finantix.com>
> > To:     keycloak-user at lists.jboss.org
> > Date:   05/04/2018 15:58
> > Subject:        Re: [keycloak-user] SSO in web and desktop application
> > Sent by:        keycloak-user-bounces at lists.jboss.org
> >
> >
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user



-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett

