[keycloak-user] Identity Brokering, external IDP require nonce
triton oidc
triton.oidc at gmail.com
Tue Mar 27 04:35:09 EDT 2018
Hi,
indeed i used the keycloak beta (had an issue with the build)
@Jerome it worked like a charm
Apologies for missing this commit and disturbing you for something that was
already fixed
Just for information my issue was with France Connect too
Thanks for your help
Amaury
On Mon, Mar 26, 2018 at 6:35 PM, Marek Posolda <mposolda at redhat.com> wrote:
> You can even download latest Keycloak 4.0.Beta . I think it should be
> there. No even need to build anything from sources :)
>
> Marek
>
>
> On 26/03/18 16:50, Jérôme Blanchard wrote:
>
>> Hi triton,
>> I have submitted a pull request that should fixe that. (
>> https://github.com/keycloak/keycloak/pull/5082)
>> Could you try with the latest sources and confirm that it works now ?
>> Thanks,
>> Best regards, Jérôme.
>>
>> Le lun. 26 mars 2018 à 15:40, triton oidc <triton.oidc at gmail.com> a
>> écrit :
>>
>> Hi,
>>>
>>> in my scenario, i'm using Keycloak as an IDP broker.
>>> It works fine with a lot of configuration.
>>>
>>> I build keycloak from source 3 weeks ago.
>>>
>>> However the IDP i'm trying to integrate right now requires a nonce in the
>>> first call on the authorization endpoint.
>>>
>>>
>>> https://myidp.com/authorize?scope=openid+profile&state=state
>>> &response_type=code&client_id=clientid&redirect_uri=redirect_uri
>>> fails
>>> but if i manually add "&nonce=1234" in the url it works
>>>
>>> I could not find an option in the external IDP concerning this nonce
>>> generation.
>>> Did i miss something ?
>>> Should i ask for a feature and i'll wait for someone to look at it ?
>>>
>>> any help would be appreciated
>>>
>>> Thanks a lot
>>>
>>> Amaury
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
>
More information about the keycloak-user
mailing list