<div dir="ltr"><div><div>Hi Bill,<br></div>Thanks for the reply. I am not referring to generating the SP entity descriptor. I have the entity descriptor and want to use it with the keycloak SAML SP. I have attached the sample picketlink-SP metadata for reference.<br><br>In picketlink, we have picketlink.xml, where we can tell the service provider to read the IDP entity descriptor from a file. Example as below:<br><br> &lt;MetaDataProvider ClassName="org.picketlink.identity.federation.core.saml.md.providers.FileBasedEntitiesMetadataProvider"&gt;<br> &lt;Option Key="FileName" Value="/WEB-INF/classes/idp-metadata.xml"/&gt;<br> &lt;/MetaDataProvider&gt;<br><br></div>However, when I looked at our Keycloak SAML configuration schema (keycloak_saml_adapter_1_6.xsd), I don't see any such elements where we can tell the SP to read the IDP entity data from IDP metadata.<br><br> <br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Nov 30, 2015 at 9:03 PM, Bill Burke <span dir="ltr">&lt;<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Keycloak SP does not generate an entity descriptor. I don't believe Picketlink SP does either.<br>
<br>
Our examples are derived from PL quickstarts. Honestly I don't see much difference between the PL ones and ours. The PL ones use PL IDP, the Keycloak ones use Keycloak IDP. The PL quickstarts don't go into much detail either other than how to run the example.<span class=""><br>
<br>
On 11/30/2015 10:03 AM, Arulkumar Ponnusamy wrote:<br>
</span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">
Hi Bill,<br>
Do you have any update on this?<br>
<br>
On Mon, Nov 30, 2015 at 2:39 PM, Stian Thorgersen &lt;<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>&gt; wrote:<br></span><span class="">
<br>
Bill - is there a way to get the entity descriptor for an<br>
application using the Keycloak SP adapter? To then import into<br>
PicketLink.<br>
<br>
On 30 November 2015 at 09:47, Arulkumar Ponnusamy<br></span><span class="">
&lt;<a href="mailto:parul.com@gmail.com" target="_blank">parul.com@gmail.com</a>&gt; wrote:<br>
<br>
Hi Stian,<br>
Yes, clients from entity descriptors. I don't understand the<br>
"import the file" part. Where to import the file? I have both<br>
IDP (picketlink) and SP (keycloak) under my web-INF file, but I<br>
don't see any SAML communication between SP and IDP happening.<br>
<br>
I am new to SAML, and for a beginner, picketlink has so many examples<br>
for both IDP and SP, which is awesome and gives a clear picture of<br>
what needs to be done. But those examples are missing for the<br>
keycloak SAML Service Provider. Only three examples are for<br>
keycloak, and those too are somehow not detailed.<br>
<br>
<br>
<br>
On Mon, Nov 30, 2015 at 1:07 PM, Stian Thorgersen<br></span><span class="">
&lt;<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>&gt; wrote:<br>
<br>
Are you asking if Keycloak can create clients from entity<br>
descriptors, then yes. Create client and import the file.<br>
<br>
On 30 November 2015 at 05:02, Arulkumar Ponnusamy<br></span><span class="">
&lt;<a href="mailto:parul.com@gmail.com" target="_blank">parul.com@gmail.com</a>&gt; wrote:<br>
<br>
Hi All,<br>
Does the keycloak service provider support metadata? I<br>
don't find any reference document on this for keycloak.<br>
There is no adapter which talks about metadata. I even<br>
looked at the examples, and there are three examples<br>
which talk about POST, REDIRECT and encryption.<br>
<br>
Any reference document on Keycloak SAML Service provider<br>
Metadata?<br>
<br>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br></span>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
<br>
<br>
<br>
<br>
<br><span class="HOEnZb"><font color="#888888">
</font></span></blockquote><span class="HOEnZb"><font color="#888888">
<br>
-- <br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" rel="noreferrer" target="_blank">http://bill.burkecentral.com</a><br>
</font></span></blockquote></div><br></div>