<div dir="ltr"><div><div><div>Hi Steve, <br><br></div>I'm using Keycloak as a shibboleth SP in a federation (Renater) and It's working fine. The problem you encounter comes from the fact that you ask for a persistent nameId in the config of your SP and, according to the provider details, it's only able to send transient nameId.<br></div>Feel the parameter of nameId to undefined and check the authentication again.<br></div><br><div>Best regards, Jérôme.<br></div></div><br><div class="gmail_quote"><div dir="ltr">Le mer. 10 févr. 2016 à 03:57, Steve Nolen <<a href="mailto:technolengy@gmail.com">technolengy@gmail.com</a>> a écrit :<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi!<div><br></div><div>First of all, keycloak is legitimately awesome!</div><div><br></div><div>I was attempting to test the use of keycloak as a shibboleth SP today (testing against the <a href="http://testshib.org" target="_blank">testshib.org</a> test IdP) and am having some trouble.</div><div><br></div><div>Keycloak Version: 1.9.0CR1 (using it on openshift currently)</div><div><br></div><div>Both sides seem to be set up as they should (I used the testshib endpoint to import the settings to keycloak). I'm able to take the redirect over to idp.testshib but on logging in I get a 500 Internal Server Error from keycloak. The message is "No Assertion from response" (stack trace below).</div><div><br></div><div>Any thoughts on what might be missing?</div><div><br></div><div>==== stack trace ====</div><div><a href="http://pastebin.com/3tsApUKK" target="_blank">http://pastebin.com/3tsApUKK</a><br></div><div><br></div><div>==== broker details ====</div><div><div><a href="https://keycloak-technolengy.rhcloud.com/auth/realms/technolengy/broker/testshib.org/endpoint/descriptor" target="_blank">https://keycloak-technolengy.rhcloud.com/auth/realms/technolengy/broker/testshib.org/endpoint/descriptor</a><br></div><div><br></div><div>==== provider details ====</div><div><a href="https://www.testshib.org/metadata/testshib-providers.xml" target="_blank">https://www.testshib.org/metadata/testshib-providers.xml</a><br></div><div><br></div><div>Thank you!</div><div>Steve</div></div></div>
_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></blockquote></div>