<div dir="ltr">Assuming <a href="https://lvpalgomi1d.ln.jefco.com:8443/synchronicity/login.jsp" target="_blank" style="font-size:12.8px">https://lvpalgomi1d.ln.jefco.<wbr>com:8443/synchronicity/login.<wbr>jsp</a><span style="font-size:12.8px"> is the login screen for your SAML identity provider it's correct that should redirect back to </span><a href="http://lvpalgomi1d.ln.jefco.com:8180/auth/realms/Algomi/broker/pingfederate_saml/endpoint" target="_blank" style="font-size:12.8px">http://lvpalgomi1d.ln.jefco.<wbr>com:8180/auth/realms/Algomi/<wbr>broker/pingfederate_saml/<wbr>endpoint</a><span style="font-size:12.8px">. At that point Keycloak should authenticate the user and redirect to your client. </span><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Is your browser stuck on </span><a href="http://lvpalgomi1d.ln.jefco.com:8180/auth/realms/Algomi/broker/pingfederate_saml/endpoint" target="_blank" style="font-size:12.8px">http://lvpalgomi1d.ln.jefco.<wbr>com:8180/auth/realms/Algomi/<wbr>broker/pingfederate_saml/<wbr>endpoint</a><span style="font-size:12.8px">? What is it displaying? Are there any errors in the log? Is login working with username/password directly in Keycloak?</span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 12 September 2016 at 19:31, Sarah Phillips <span dir="ltr"><<a href="mailto:sphillips@jefferies.com" target="_blank">sphillips@jefferies.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-GB" link="blue" vlink="purple">
<div>
<p class="MsoNormal">I have a keycloak 1.9.8 install that I am trying to reconfigure.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">I have a client that tries to authenticate requests to <a href="https://lvpalgomi1d.ln.jefco.com:8443/synchronicity/*" target="_blank">
https://lvpalgomi1d.ln.jefco.<wbr>com:8443/synchronicity/*</a><u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">I have a saml 2.0 identity provider configured against pingfederate. The redirect URI is
<a href="http://lvpalgomi1d.ln.jefco.com:8180/auth/realms/Algomi/broker/pingfederate_saml/endpoint" target="_blank">
http://lvpalgomi1d.ln.jefco.<wbr>com:8180/auth/realms/Algomi/<wbr>broker/pingfederate_saml/<wbr>endpoint</a><u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">When I enter <a href="https://lvpalgomi1d.ln.jefco.com:8443/synchronicity/login.jsp" target="_blank">
https://lvpalgomi1d.ln.jefco.<wbr>com:8443/synchronicity/login.<wbr>jsp</a> into a web browser I end up at
<a href="http://lvpalgomi1d.ln.jefco.com:8180/auth/realms/Algomi/broker/pingfederate_saml/endpoint" target="_blank">
http://lvpalgomi1d.ln.jefco.<wbr>com:8180/auth/realms/Algomi/<wbr>broker/pingfederate_saml/<wbr>endpoint</a> which is not what I intend – I would like to be validated and then redirected back to the original location.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Is there another step to redirect the browser back to the original URL?<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">I am picking up this task from a colleague who moved on. I have tried reading the server-administration-guide but it does not seem to be helping with this problem.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">How do I diagnose the issue? What settings do I need to check?<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">There are also a couple of ldap providers set up under User Federation. I don’t know whether they are needed – I think they were previously used to authenticate against ldap but the users are looking for silent/pass-through authentication.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Actually, while I’m here, will SAML 2.0 even support Integrated Windows Authentication that I am supposed to be implementing, or must I use Kerberos to achieve that?<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Many thanks,<u></u><u></u></p>
<p class="MsoNormal">Sarah<u></u><u></u></p>
</div>
<h6><font color="gray"><br>
Jefferies archives and monitors outgoing and incoming e-mail. The contents of this email, including any attachments, are confidential to the ordinary user of the email address to which it was addressed. If you are not the addressee of this email you may not
copy, forward, disclose or otherwise use it or any part of it in any form whatsoever. This email may be produced at the request of regulators or in connection with civil litigation. Jefferies accepts no liability for any errors or omissions arising as a result
of transmission. Use by other than intended recipients is prohibited. In the United Kingdom, Jefferies operates as Jefferies International Limited; registered in England: no. 1978621; registered office: Vintners Place, 68 Upper Thames Street, London EC4V 3BJ.
Jefferies International Limited is authorized and regulated by the Financial Conduct Authority.
</font></h6>
</div>
<br>______________________________<wbr>_________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/<wbr>mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>