[keycloak-user] Login via SAML RESPONSE from an IdP
Luis Rodríguez Fernández
uo67113 at gmail.com
Thu Nov 8 05:10:09 EST 2018
Hello Karsten,
Yes it is possible, please have a look here [1]. Of course you will need to
confire your SP with your specific SAML adapter [2]
Hope it helps,
Luis
ps: just for the records: I always use SP initiated login, it looks more
"natural" to me :)
[1]
https://www.keycloak.org/docs/latest/server_admin/index.html#idp-initiated-login
[2]
https://www.keycloak.org/docs/latest/securing_apps/index.html#_saml-general-config
El jue., 8 nov. 2018 a las 10:51, Karsten Honsack (<
karsten.honsack at zurich.com>) escribió:
> Hello everybody,
>
> I am trying to figure out if Keycloak is capable to fulfil the following
> requirement. I read through the documentation but was not able to figure it
> out.
>
> Scenario:
> A user is on a website where he has the possibility to jump to web
> applications of different partners via SSO. The website provider only
> supports IdP Initiated SSO and the button links provided are SAML Assertion
> Consumer URLs. The flow describes what should be happening for my
> understanding:
>
> Flow:
> 1. User login on website.
> 2. User clicks on button.
> 3. Website creates an encrypted SAML RESPONSE using its STS, redirects
> user to Keycloak's SAML Assertion Consumer URL and POSTs the SAML RESPONSE
> there.
> 4. Keycloak decrypts/validates SAML RESPONSE and authenticates the user.
> 5. Keycloak redirects user to the application.
> 6. User uses application.
>
> Is this possible? How has it to be configured? Do you need any more
> information to help me? Thank you in advance!
>
> Best regards
>
> Karsten Honsack
>
> **************************************
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
- Samuel Beckett
More information about the keycloak-user
mailing list