[keycloak-user] Keycloak IDP Brokering + Spring Boot/Angular

Luis Rodríguez Fernández uo67113 at gmail.com
Fri Apr 13 12:19:51 EDT 2018


Hello Suleyman,


The sample [1] application of the spring-security-saml [2] worked like a
charm for me. I just needed to specify the metadata URL of my IdP
in the org.opensaml.saml2.metadata.provider.HTTPMetadataProvider bean
of sample/src/main/webapp/WEB-INF/securityContext.xml [3]. In my setup I was
using OpenAM as IdP.

In your case I imagine that you have to register ADFS as IdP [4], get the
SP metadata [5] and use it in your app? Or perhaps you have to register
your app as a SAML client [6].

Hope it helps,

[1] https://github.com/spring-projects/spring-security-saml/tree/develop/sample
[2] https://github.com/spring-projects/spring-security-saml
[3] https://docs.spring.io/spring-security-saml/docs/1.0.0.RELEASE/reference/html/chapter-quick-start.html
[4] https://www.keycloak.org/docs/latest/server_admin/index.html#saml-v2-0-identity-providers
[5] https://www.keycloak.org/docs/latest/server_admin/index.html#_identity_broker_saml_sp_descriptor
[6] https://www.keycloak.org/docs/latest/server_admin/index.html#saml-clients

2018-04-11 17:17 GMT+02:00 Yildirim, Suleyman <suleyman.yildirim at accenture.com>:

> Hi all,
>
> As a novice in security and Keycloak, I have set up the Keycloak
> Identity Provider to interact with ADFS using the link
> http://blog.keycloak.org/2017/03/how-to-setup-ms-ad-fs-30-as-brokered.html.
> I wonder how we test this setting using Angular and Spring Boot. Some
> details are below:
>
> We are using Angular 1.x and Spring Boot for the project. I have
> implemented SSO with OpenID Connect, but the implementation part of SAML is
> still confusing. There are tutorials for OpenID Connect but not for SAML.
> How do we send a SAML request to the external ADFS via the IdP broker using
> Spring Boot/Angular? Do I need to use Java adapters for that?
>
> Best Regards,
> Suleyman
>



-- 

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett
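Added example, not from the thread or the spring-security-saml project: the `metadata` bean of the sample's securityContext.xml that the reply above refers to, with the HTTPMetadataProvider pointed at a Keycloak realm's SAML IdP descriptor instead of the sample's default IdP. The host keycloak.example.com and the realm name myrealm are placeholders, and `parserPool` is assumed to be the bean the sample already defines.

```xml
<!-- Added example: replaces the sample's "metadata" bean in
     sample/src/main/webapp/WEB-INF/securityContext.xml.
     Host and realm are placeholders; "parserPool" is the bean
     the sample already defines. -->
<bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
    <constructor-arg>
        <list>
            <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
                <constructor-arg>
                    <!-- Keycloak publishes the realm's SAML IdP descriptor at this
                         path. Fetch it over HTTPS so the IdP signing certificate and
                         SSO endpoints it contains cannot be swapped in transit. -->
                    <bean class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider">
                        <constructor-arg>
                            <value type="java.lang.String">https://keycloak.example.com/auth/realms/myrealm/protocol/saml/descriptor</value>
                        </constructor-arg>
                        <!-- request timeout in milliseconds -->
                        <constructor-arg>
                            <value type="int">5000</value>
                        </constructor-arg>
                        <property name="parserPool" ref="parserPool"/>
                    </bean>
                </constructor-arg>
                <constructor-arg>
                    <bean class="org.springframework.security.saml.metadata.ExtendedMetadata"/>
                </constructor-arg>
                <!-- The stock sample sets metadataTrustCheck to false, which accepts
                     whatever metadata comes back. Keep the check on so a signed
                     descriptor is actually verified instead of trusted blindly. -->
                <property name="metadataTrustCheck" value="true"/>
                <property name="metadataRequireSignature" value="false"/>
            </bean>
        </list>
    </constructor-arg>
</bean>
```

Whichever side does the brokering, the SP metadata the sample serves at /saml/metadata is the descriptor the reply suggests registering on the Keycloak side ([4] and [6]).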

