[keycloak-user] Tomcat SAML Client adapter and infinite redirect

Leonid Rozenblyum lrozenblyum at gmail.com
Mon May 21 04:46:11 EDT 2018


Done, reported: https://issues.jboss.org/browse/KEYCLOAK-7379

On Mon, May 21, 2018 at 10:46 AM, Hynek Mlnarik <hmlnarik at redhat.com> wrote:

> Could you please file a KEYCLOAK JIRA for improving the documentation
> here? There's a link ("Report an issue") in the relevant section which you
> can use for that.
>
> On Mon, May 21, 2018 at 8:29 AM, Leonid Rozenblyum <lrozenblyum at gmail.com>
> wrote:
>
>> Thank you very much!
>>
>> It would be a great idea to enrich the documentation on the Keycloak SAML
>> Tomcat adapter with the info about the mandatory Master SAML Processing
>> URL.
>> It would be a life saver!
>>
>> On Fri, May 18, 2018 at 5:34 PM, Qiang He <Qiang.He at lombardrisk.com>
>> wrote:
>>
>> > No, you don’t need to set up any listener. The adapter will automatically
>> > handle the URL.
>> >
>> > Only when you don’t want to install the adapter in Tomcat, and want to use
>> > the pure servlet in your SP application, you need to set up a listener for
>> > the /saml URL.
>> >
>> > *From:* Leonid Rozenblyum [mailto:lrozenblyum at gmail.com]
>> > *Sent:* 18 May 2018 14:53
>> > *To:* Qiang He <Qiang.He at lombardrisk.com>; keycloak-user at lists.jboss.org
>> > *Subject:* Re: [keycloak-user] Tomcat SAML Client adapter and infinite redirect
>> >
>> > Thank you very much Qiang He!
>> >
>> > My Master SAML Processing URL was NOT set at all in keycloak (I wasn't
>> > aware it should be set... Before trying keycloak SAML tomcat adapter I've
>> > tried spring security saml extension and it didn't require this URL...)
>> >
>> > I've set it up now to <host:port>/<mywebapp>/saml
>> >
>> > It looks like the infinite redirect issue has been solved!
>> >
>> > Do I need to set up something else e.g. some listener on this /saml url or
>> > tomcat adapter automatically sets up something listening to this url?
>> >
>> > On Fri, May 18, 2018 at 11:25 AM, Qiang He <Qiang.He at lombardrisk.com>
>> > wrote:
>> >
>> > What's your Master SAML Processing URL in the Clients settings in the
>> > keycloak server? Make sure it ends with "/saml",
>> >
>> > Or in your client adapter setting, set the ACS URL ending with /rest, as
>> > per the document mentioned (copied below):
>> >
>> > assertionConsumerServiceUrl
>> > URL of the assertion consumer service (ACS) where the IDP login service
>> > should send responses to. This setting is OPTIONAL. By default it is unset,
>> > relying on the configuration in the IdP. When set, it must end in /saml,
>> > e.g. http://sp.domain.com/my/endpoint/for/saml. The value of this
>> > property is sent in AssertionConsumerServiceURL attribute of SAML
>> > AuthnRequest message. This property is typically accompanied by the
>> > responseBinding attribute.
>> >
>> >
>> >
>> >
>> > -----Original Message-----
>> > From: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces@lists.jboss.org] On Behalf Of Leonid Rozenblyum
>> > Sent: 17 May 2018 21:06
>> > To: keycloak-user at lists.jboss.org
>> > Subject: [keycloak-user] Tomcat SAML Client adapter and infinite redirect
>> >
>> > Hello everybody.
>> > I'm trying to set up Tomcat <-> Keycloak SAML integration.
>> > I've got stuck with the infinite redirect issue: after successful
>> > authentication I'm returned back to Tomcat Web app (to its protected
>> > resource) and then redirected back to keycloak with message YOU ARE
>> > ALREADY LOGGED IN.
>> >
>> > Keycloak 3.4.3
>> > Tomcat 8
>> >
>> > The problem is practically the same as described:
>> > https://stackoverflow.com/questions/43452853/unable-to-redirect-to-my-tomcat-application-after-keycloak-login
>> >
>> > The problem is reproduced when I try to load http://localhost:8080/lr/protected
>> > (the web application is attached).
>> >
>> > Thanks for any advice!
>> >
>> >
>> >
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>
>
> --
>
> --Hynek
>
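
An added example, not part of the thread and not Keycloak's own code: a Python check that decodes a captured SAMLRequest redirect parameter and reports whether the response would go to a URL ending in /saml, as the documentation quoted above requires. Falling back to the Master SAML Processing URL when the request carries no AssertionConsumerServiceURL is an assumption drawn from that quoted text; the function names and the sample URLs are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"


def decode_redirect_request(saml_request: str) -> ET.Element:
    """Decode an already URL-decoded SAMLRequest (HTTP-Redirect: base64, raw DEFLATE)."""
    # Meant for requests captured from your own SP; parse untrusted XML with defusedxml.
    root = ET.fromstring(zlib.decompress(base64.b64decode(saml_request), -15))
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        raise ValueError(f"not an AuthnRequest: {root.tag}")
    return root


def check_acs(saml_request: str, idp_processing_url: str = "") -> tuple:
    """Return (status, url) for the URL the IdP should send the response to.

    idp_processing_url: the client's Master SAML Processing URL in Keycloak
    ("" if unset); assumed to apply when the request carries no ACS URL.
    """
    root = decode_redirect_request(saml_request)
    url = root.get("AssertionConsumerServiceURL") or idp_processing_url
    if not url:
        return ("missing", "")
    status = "ok" if urlparse(url).path.endswith("/saml") else "bad-suffix"
    return (status, url)


def encode_sample(acs_attr: str = "") -> str:
    """Constructed sample: a minimal AuthnRequest, encoded as for the redirect binding."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}" ID="_constructed1" '
           f'Version="2.0" IssueInstant="2018-05-18T00:00:00Z"{acs_attr}/>')
    comp = zlib.compressobj(wbits=-15)
    return base64.b64encode(comp.compress(xml.encode()) + comp.flush()).decode()


if __name__ == "__main__":
    good = encode_sample(' AssertionConsumerServiceURL="http://localhost:8080/lr/saml"')
    print(check_acs(good))                       # ACS URL set in the adapter
    print(check_acs(encode_sample()))            # nothing set on either side
    print(check_acs(encode_sample(), "http://localhost:8080/lr/saml"))
```

A "missing" result corresponds to the setup described in the thread, where neither the adapter's ACS URL nor the Master SAML Processing URL was configured.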

