<div dir="ltr"><div>Try "<a href="https://xyz/realms/myrealmname/protocol/saml/googleapps" rel="noreferrer" target="_blank" style="font-size:12.8px">https://xyz/realms/myrealmname/protocol/saml</a>", dropping "googleapps"<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 26 November 2015 at 09:10, Thomas Schweizer-Bolzonello <span dir="ltr"><<a href="mailto:thomas@schweizer.fr" target="_blank">thomas@schweizer.fr</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello Stian,<br>
Blank page with a 404<br>
<br>
I removed /auth because I redeployed Keycloak on root context with this :<br>
<a href="http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e426" rel="noreferrer" target="_blank">http://keycloak.github.io/docs/userguide/keycloak-server/html/server-installation.html#d4e426</a><br>
<br>
I tried to create a new realm but same problem : blank page + 404<br>
<br>
Full error in log is here :<br>
<a href="https://gist.github.com/ThomasSchweizer/a1ce825bd245d5261250" rel="noreferrer" target="_blank">https://gist.github.com/ThomasSchweizer/a1ce825bd245d5261250</a><br>
<span class="HOEnZb"><font color="#888888"><br>
Thomas<br>
</font></span><div class="HOEnZb"><div class="h5"><br>
2015-11-26 8:42 GMT+01:00 Stian Thorgersen <<a href="mailto:sthorger@redhat.com">sthorger@redhat.com</a>>:<br>
> Blank page with a 403?<br>
><br>
> The URL is missing '/auth/'. Unless you've changed the context-path Keycloak<br>
> is deployed to the url should be<br>
> <a href="https://xyz/auth/realms/myrealmname/protocol/saml/googleapps" rel="noreferrer" target="_blank">https://xyz/auth/realms/myrealmname/protocol/saml/googleapps</a><br>
><br>
> On 25 November 2015 at 23:33, Thomas Schweizer-Bolzonello<br>
> <<a href="mailto:thomas@schweizer.fr">thomas@schweizer.fr</a>> wrote:<br>
>><br>
>> Hello Marek,<br>
>><br>
>> Thanks for pointing me on this ressource. Very useful.<br>
>> I'm now on these settings :<br>
>><br>
>> Client ID : googleapps<br>
>> Name : My Test Saml<br>
>> Enabled : On<br>
>> Include AuthnStatement : On<br>
>> Sign Assertions : On (RSA_SHA256, EXCLUSIVE)<br>
>> Client Signature Required : On<br>
>> Name ID Format : email<br>
>> IDP Initiated SSO URL Name : googleapps<br>
>> ==<br>
>> Assertion Consumer Service Redirect Binding URL :<br>
>> <a href="https://www.google.com/a/mydomain.com/acs" rel="noreferrer" target="_blank">https://www.google.com/a/mydomain.com/acs</a><br>
>><br>
>> When I'm accessing (manually or set via Google Admin console in SSO<br>
>> settings) the following URL :<br>
>> <a href="https://xyz/realms/myrealmname/protocol/saml/googleapps" rel="noreferrer" target="_blank">https://xyz/realms/myrealmname/protocol/saml/googleapps</a> .. i'm facing<br>
>> a totally blank page<br>
>><br>
>> Error in Wildfly log :<br>
>> 23:25:04,136 WARNÂ [org.jboss.resteasy.core.ExceptionHandler] (default<br>
>> task-107) failed to execute: javax.ws.rs.NotFoundException: Could not<br>
>> find resource for full path:<br>
>> <a href="https://xyz/realms/myrealmname/protocol/saml/googleapps" rel="noreferrer" target="_blank">https://xyz/realms/myrealmname/protocol/saml/googleapps</a><br>
>><br>
>> Any idea ?<br>
>><br>
>> Thanks<br>
>><br>
>> Best regards,<br>
>> Thomas<br>
>><br>
>> 2015-11-25 11:51 GMT+01:00 Marek Posolda <<a href="mailto:mposolda@redhat.com">mposolda@redhat.com</a>>:<br>
>> > Longer time ago, I did the integration of picketlink with Google Apps,<br>
>> > which<br>
>> > is documented here:<br>
>> ><br>
>> > <a href="https://docs.jboss.org/author/display/PLINK/Picketlink+as+IDP,+Google+Apps+as+SP" rel="noreferrer" target="_blank">https://docs.jboss.org/author/display/PLINK/Picketlink+as+IDP,+Google+Apps+as+SP</a><br>
>> > . Some steps might be outdated, but hopefully most of them is still<br>
>> > applicable and can be (maybe with some tweaks) applied for Keycloak as<br>
>> > well.<br>
>> > Especially the part for configuring on Google side. I did not tried in<br>
>> > practice with Keycloak yet, but I think that you may want to:<br>
>> > - Use clientId like "<a href="http://google.com/a/yourdomain.com" rel="noreferrer" target="_blank">google.com/a/yourdomain.com</a>" for your client where<br>
>> > <a href="http://yourdomain.com" rel="noreferrer" target="_blank">yourdomain.com</a> is your Google-Apps domain<br>
>> > - Select "Sign assertions" so google-apps will verify the signature on<br>
>> > assertion with the realm key you uploaded<br>
>> ><br>
>> > Other options might be kept default probably (not sure at 100% as I<br>
>> > didn't<br>
>> > try it myself yet)<br>
>> ><br>
>> > Marek<br>
>> ><br>
>> ><br>
>> > On 25/11/15 10:42, Thomas Schweizer-Bolzonello wrote:<br>
>> ><br>
>> > Hello,<br>
>> > Does someone have documentation on how to implement Keycloak with Google<br>
>> > Apps ?<br>
>> > I tried to implement a SAML client in a Keycloak realm but I'm lost<br>
>> > with settings when creating one.<br>
>> ><br>
>> > Tried to use the official documentation and to search on the web but<br>
>> > to no avail.<br>
>> ><br>
>> > If someone could point me to what settings to use in the SAML client I<br>
>> > created, it would be great.<br>
>> > I already took the key generated for the realm and uploaded it to Google<br>
>> > Apps.<br>
>> ><br>
>> > Best regards,<br>
>> > Thomas<br>
>> > _______________________________________________<br>
>> > keycloak-user mailing list<br>
>> > <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
>> > <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
>> ><br>
>> ><br>
>> _______________________________________________<br>
>> keycloak-user mailing list<br>
>> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
>> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
><br>
</div></div></blockquote></div><br></div>