<div dir="ltr">Blank page with a 403?<div><br></div><div>The URL is missing '/auth/'. Unless you've changed the context-path Keycloak is deployed to the url should be <a href="https://xyz/realms/myrealmname/protocol/saml/googleapps" rel="noreferrer" target="_blank" style="font-size:12.8px">https://xyz/auth/realms/myrealmname/protocol/saml/googleapps</a></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 25 November 2015 at 23:33, Thomas Schweizer-Bolzonello <span dir="ltr"><<a href="mailto:thomas@schweizer.fr" target="_blank">thomas@schweizer.fr</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello Marek,<br>
<br>
Thanks for pointing me on this ressource. Very useful.<br>
I'm now on these settings :<br>
<br>
Client ID : googleapps<br>
Name : My Test Saml<br>
Enabled : On<br>
Include AuthnStatement : On<br>
Sign Assertions : On (RSA_SHA256, EXCLUSIVE)<br>
Client Signature Required : On<br>
Name ID Format : email<br>
IDP Initiated SSO URL Name : googleapps<br>
==<br>
Assertion Consumer Service Redirect Binding URL :<br>
<a href="https://www.google.com/a/mydomain.com/acs" rel="noreferrer" target="_blank">https://www.google.com/a/mydomain.com/acs</a><br>
<br>
When I'm accessing (manually or set via Google Admin console in SSO<br>
settings) the following URL :<br>
<a href="https://xyz/realms/myrealmname/protocol/saml/googleapps" rel="noreferrer" target="_blank">https://xyz/realms/myrealmname/protocol/saml/googleapps</a> .. i'm facing<br>
a totally blank page<br>
<br>
Error in Wildfly log :<br>
23:25:04,136 WARN [org.jboss.resteasy.core.ExceptionHandler] (default<br>
task-107) failed to execute: javax.ws.rs.NotFoundException: Could not<br>
find resource for full path:<br>
<a href="https://xyz/realms/myrealmname/protocol/saml/googleapps" rel="noreferrer" target="_blank">https://xyz/realms/myrealmname/protocol/saml/googleapps</a><br>
<br>
Any idea ?<br>
<br>
Thanks<br>
<br>
Best regards,<br>
Thomas<br>
<div class="HOEnZb"><div class="h5"><br>
2015-11-25 11:51 GMT+01:00 Marek Posolda <<a href="mailto:mposolda@redhat.com">mposolda@redhat.com</a>>:<br>
> Longer time ago, I did the integration of picketlink with Google Apps, which<br>
> is documented here:<br>
> <a href="https://docs.jboss.org/author/display/PLINK/Picketlink+as+IDP,+Google+Apps+as+SP" rel="noreferrer" target="_blank">https://docs.jboss.org/author/display/PLINK/Picketlink+as+IDP,+Google+Apps+as+SP</a><br>
> . Some steps might be outdated, but hopefully most of them is still<br>
> applicable and can be (maybe with some tweaks) applied for Keycloak as well.<br>
> Especially the part for configuring on Google side. I did not tried in<br>
> practice with Keycloak yet, but I think that you may want to:<br>
> - Use clientId like "<a href="http://google.com/a/yourdomain.com" rel="noreferrer" target="_blank">google.com/a/yourdomain.com</a>" for your client where<br>
> <a href="http://yourdomain.com" rel="noreferrer" target="_blank">yourdomain.com</a> is your Google-Apps domain<br>
> - Select "Sign assertions" so google-apps will verify the signature on<br>
> assertion with the realm key you uploaded<br>
><br>
> Other options might be kept default probably (not sure at 100% as I didn't<br>
> try it myself yet)<br>
><br>
> Marek<br>
><br>
><br>
> On 25/11/15 10:42, Thomas Schweizer-Bolzonello wrote:<br>
><br>
> Hello,<br>
> Does someone have documentation on how to implement Keycloak with Google<br>
> Apps ?<br>
> I tried to implement a SAML client in a Keycloak realm but I'm lost<br>
> with settings when creating one.<br>
><br>
> Tried to use the official documentation and to search on the web but<br>
> to no avail.<br>
><br>
> If someone could point me to what settings to use in the SAML client I<br>
> created, it would be great.<br>
> I already took the key generated for the realm and uploaded it to Google<br>
> Apps.<br>
><br>
> Best regards,<br>
> Thomas<br>
> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
><br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</div></div></blockquote></div><br></div>