[keycloak-user] Login via SAML RESPONSE from an IdP

Karsten Honsack karsten.honsack at zurich.com
Thu Nov 8 05:28:42 EST 2018


Hi Luis,

thank you for the fast help! I was looking at the brokering section. That was totally wrong in this case. I will build a test scenario and try this out.

Best regards

Karsten Honsack


-----Original Message-----
From: keycloak-user-bounces at lists.jboss.org <keycloak-user-bounces at lists.jboss.org> On Behalf Of Luis Rodríguez Fernández
Sent: Thursday, 8 November 2018 11:10
To: keycloak-user <keycloak-user at lists.jboss.org>
Subject: [EXTERNAL] Re: [keycloak-user] Login via SAML RESPONSE from an IdP

Hello Karsten,

Yes, it is possible, please have a look here [1]. Of course you will need to configure your SP with your specific SAML adapter [2].

Hope it helps,

Luis

ps: just for the records: I always use SP initiated login, it looks more "natural" to me :)

[1] https://www.keycloak.org/docs/latest/server_admin/index.html#idp-initiated-login
[2] https://www.keycloak.org/docs/latest/securing_apps/index.html#_saml-general-config


On Thu, 8 Nov 2018 at 10:51, Karsten Honsack (<karsten.honsack at zurich.com>) wrote:

> Hello everybody,
>
> I am trying to figure out if Keycloak is capable to fulfil the
> following requirement. I read through the documentation but was not
> able to figure it out.
>
> Scenario:
> A user is on a website where he has the possibility to jump to web
> applications of different partners via SSO. The website provider only
> supports IdP Initiated SSO and the button links provided are SAML
> Assertion Consumer URLs. The flow describes what should be happening
> for my understanding:
>
> Flow:
> 1. User login on website.
> 2. User clicks on button.
> 3. Website creates an encrypted SAML RESPONSE using its STS, redirects
> user to Keycloak's SAML Assertion Consumer URL and POSTs the SAML
> RESPONSE there.
> 4. Keycloak decrypts/validates SAML RESPONSE and authenticates the user.
> 5. Keycloak redirects user to the application.
> 6. User uses application.
>
> Is this possible? How has it to be configured? Do you need any more
> information to help me? Thank you in advance!
>
> Best regards
>
> Karsten Honsack
>
> **************************************
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>


--

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett
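
Step 4 of the quoted flow has Keycloak validate a SAML Response that no AuthnRequest preceded. The following added example (not from the thread or from Keycloak's code) shows the structural checks a service provider applies to such an unsolicited Response once signature verification and decryption have been done, which this code does not perform. The URLs, entity IDs, function names and sample XML are constructed assumptions, and `now` must be a timezone-aware datetime.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol", "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed values (assumptions), not taken from the thread.
ACS, SP_ENTITY = "https://sp.example.test/saml/acs", "https://sp.example.test/sp"
IDP_ENTITY = "https://portal.example.test/idp"
SCD = "a:Assertion/a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData"
SAMPLE = (  # constructed, trimmed unsolicited Response (Signature and Status omitted)
    '<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Destination="{dest}"{irt}>'
    '<a:Issuer>https://portal.example.test/idp</a:Issuer><a:Assertion ID="_a1"><a:Subject>'
    '<a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{dest}" '
    'NotOnOrAfter="2018-11-08T10:05:00Z"/></a:SubjectConfirmation></a:Subject>'
    '<a:Conditions NotBefore="2018-11-08T10:00:00Z" NotOnOrAfter="2018-11-08T10:05:00Z">'
    '<a:AudienceRestriction><a:Audience>{aud}</a:Audience></a:AudienceRestriction>'
    '</a:Conditions></a:Assertion></p:Response>')

def encode(dest=ACS, irt="", aud=SP_ENTITY):
    return base64.b64encode(SAMPLE.format(dest=dest, irt=irt, aud=aud).encode())

def _outside(el, now):  # NotOnOrAfter is required here, NotBefore is optional
    ts = lambda v: datetime.fromisoformat(v.replace("Z", "+00:00"))
    nb, na = el.get("NotBefore"), el.get("NotOnOrAfter")
    return na is None or now >= ts(na) or (nb is not None and now < ts(nb))

def check_unsolicited(b64, now, seen_ids):
    """Structural checks only; signature verification and decryption come first."""
    raw = base64.b64decode(b64)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:  # cheap guard; a hardened parser is better
        return ["DTD not allowed"]
    root = ET.fromstring(raw)  # parse errors propagate, which means reject
    a, cond, scd = (root.find(p, NS) for p in ("a:Assertion", "a:Assertion/a:Conditions", SCD))
    if cond is None or scd is None:
        return ["no plaintext Assertion with Conditions and SubjectConfirmationData"]
    auds = [e.text for e in cond.findall("a:AudienceRestriction/a:Audience", NS)]
    checks = [
        ("unexpected InResponseTo", any(e.get("InResponseTo") is not None for e in (root, scd))),
        ("not addressed to our ACS", root.get("Destination") != ACS or scd.get("Recipient") != ACS),
        ("unexpected Issuer", root.findtext("a:Issuer", "", NS) != IDP_ENTITY),
        ("audience mismatch", SP_ENTITY not in auds),
        ("outside validity window", _outside(cond, now) or _outside(scd, now)),
        ("assertion ID replayed", a.get("ID") in seen_ids),
    ]
    errs = [msg for msg, bad in checks if bad]
    if not errs:
        seen_ids.add(a.get("ID"))  # replay cache: no InResponseTo ties this to a request
    return errs
```

Because an unsolicited Response carries no request ID to match, the replay cache and the short validity window are what stop a captured POST from being accepted a second time.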