[keycloak-user] Force POST setting in SAML??

Max Allan max.allan+keycloak at surevine.com
Thu Aug 2 09:42:44 EDT 2018


Hi,
I have a SAML SP that needs both POST and Redirect methods in the
sp_metadata file. (If Redirect is missing then it fails to even start up the
app.)

A bit of fiddling and I noticed the "Force POST Binding" in the client
config. If I turn it OFF then both POST and Redirect lines appear in the
installation file. Nice.

However, when the user tries to log in, something (Keycloak I'm pretty sure)
gets things wildly wrong and the browser ends up at the SP's redirect URI
with the "SAMLRequest=...." in the URL.

The SP doesn't know how to process that (that's for Keycloak). So it fails
to log in.

If I leave "Force POST" ON, then the sp_metadata needs a manual edit to
include the Redirect method. But at least the user can log in.

Can anyone explain what's going on? Why do I need to set it off to generate
the xml for the SP and then back on to actually work??

Thanks,
Max

