<p dir="ltr">What does your AuthnRequest look like? ADFS is really fickle about format. Common issues with the AuthnRequest are:<br>
1. NameIDFormat<br>
2. AuthnContextClassRef<br>
3. SHA1 signature</p>
<p dir="ltr">#1 is the biggest issue I see. You need to write a claims rule in ADFS to make sure it maps properly, or just remove the NameIDFormat from the AuthnRequest.</p>
<p dir="ltr">Marc Boorshtein<br>
CTO, Tremolo Security, Inc.<br>
</p>
<div class="gmail_extra"><br><div class="gmail_quote">On Jul 28, 2016 6:22 AM, "Robert van Loenhout" &lt;<a href="mailto:r.vanloenhout@greenvalley.nl">r.vanloenhout@greenvalley.nl</a>&gt; wrote:<br type="attribution"><blockquote class="quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="NL" link="#0563C1" vlink="#954F72">
<div>
<p class="MsoNormal"><span lang="EN-US">Hi,</span></p>
<p class="MsoNormal"><span lang="EN-US">I’m trying to use Keycloak 2.0.0.Final with AD FS 2.0 as an identity provider. I think I’ve set up everything, but I am getting an internal error from keycloak.</span></p>
<p class="MsoNormal"><span lang="EN-US">The server log contains</span></p>
<p class="MsoNormal"><span lang="EN-US">2016-07-28 11:08:32,510 ERROR [io.undertow.request] (default task-37) UT005023: Exception handling request to /auth/realms/adfs-realm/broker/adfs/endpoint: org.jboss.resteasy.spi.UnhandledException: org.keycloak.broker.provider.IdentityBrokerException:
Could not process response from SAML identity provider.</span></p>
<p class="MsoNormal"><span lang="EN-US">The root cause is “No assertion from response”</span></p>
<p class="MsoNormal"><span lang="EN-US">So far the only information about this I have found is a keycloak issue ticket</span></p>
<p class="MsoNormal"><span lang="EN-US"><a href="https://issues.jboss.org/browse/KEYCLOAK-3103" target="_blank">https://issues.jboss.org/browse/KEYCLOAK-3103</a></span></p>
<p class="MsoNormal"><span lang="EN-US">Has anyone got any luck using AD FS in combination with keycloak?</span></p>
<p class="MsoNormal"><span lang="EN-US">Is there any configuration I could change in AD FS or Keycloak, or a workaround for this problem?</span></p>
</div>
</div>
</blockquote></div><br></div>
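<p dir="ltr">An added example, not part of the original thread and not Keycloak or ADFS code: a Python helper that decodes a captured SAMLRequest value and reports the three fields listed in the reply at the top, so each can be compared with what the ADFS side is configured for. The sample request, its ID and the sp.example.test issuer are constructed.</p>

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed, abbreviated sample request (not taken from the thread).
SAMPLE = b"""<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    ID="_constructed1" Version="2.0" IssueInstant="2016-07-28T09:08:32Z">
  <saml:Issuer>https://sp.example.test/realm</saml:Issuer>
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  </ds:SignedInfo></ds:Signature>
  <samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
  <samlp:RequestedAuthnContext>
    <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>"""

def decode_saml_request(value):
    """Decode a SAMLRequest parameter. POST binding carries base64 XML;
    Redirect binding carries base64 of raw-DEFLATE-compressed XML."""
    raw = base64.b64decode(value)
    if raw[:1] == b"<":
        return raw                        # POST binding: already XML
    return zlib.decompress(raw, -15)      # Redirect binding: raw inflate

def inspect_authn_request(xml_bytes):
    """Report NameIDPolicy Format, AuthnContextClassRef values and signature algorithm."""
    # Only feed this requests you captured yourself; use a hardened parser for untrusted XML.
    root = ET.fromstring(xml_bytes)
    policy = root.find("samlp:NameIDPolicy", NS)
    refs = root.findall("samlp:RequestedAuthnContext/saml:AuthnContextClassRef", NS)
    sig = root.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    sig_alg = sig.get("Algorithm") if sig is not None else None
    return {
        "nameid_format": policy.get("Format") if policy is not None else None,
        "authn_context_class_refs": [r.text.strip() for r in refs if r.text],
        "signature_algorithm": sig_alg,
        "signature_is_sha1": sig_alg is not None and sig_alg.endswith("-sha1"),
    }

if __name__ == "__main__":
    print(inspect_authn_request(SAMPLE))
```

<p dir="ltr">With the Redirect binding the signature algorithm travels in the SigAlg query parameter rather than inside the XML, so signature_algorithm is None for those requests.</p>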