Pedro Igor Craveiro e Silva
Agree with John. However, we do have some basic ECP profile on SP side, where you can
obtain AuthnRequests using PAOS binding.
If you send a request to an SP using both Accept and PAOS headers accordingly with the
specs, you should be able to obtain a AuthnRequest.
Regards.
Pedro Igor
----- Original Message -----
From: "John Dennis" <jdennis(a)redhat.com>
To: stian(a)redhat.com, "Arulkumar Ponnusamy" <parul.com(a)gmail.com>
Cc: "keycloak-dev" <keycloak-dev(a)lists.jboss.org>
Sent: Friday, January 22, 2016 1:22:02 PM
Subject: Re: [keycloak-dev] does keycloak 1.8 supports ECP profile on SP side?
On 01/22/2016 03:52 AM, Stian Thorgersen wrote:
No, at the moment we don't have any plans to support it at all.
You
should be able to find other SP libraries to use though.
If your SP is running inside Apache you can use mod_auth_mellon. We just
finished successfully testing ECP between a mod_auth_mellon SP and
Keycloak 1.8.0.CR1 (caveat, 1.8.0.CR1 had 1 minor issue with the media
type which was promptly fixed by the KC team, 1.8.0 final should be fine).
The truth is an IdP such as KC doesn't need to do much to support ECP,
most of the work for ECP is in the ECP client and the SP. So in addition
to a working SP you'll need to make sure your ECP client plays well with
others.
On 22 January 2016 at 09:34, Arulkumar Ponnusamy
<parul.com(a)gmail.com
<mailto:parul.com@gmail.com>> wrote:
do you have any plan to implement it on SP side too on 1.9?
On Fri, Jan 22, 2016 at 1:35 PM, Stian Thorgersen
<sthorger(a)redhat.com <mailto:sthorger@redhat.com>> wrote:
Only IdP side
On 22 January 2016 at 05:47, Arulkumar Ponnusamy
<parul.com(a)gmail.com <mailto:parul.com@gmail.com>> wrote:
keycloak 1.8 CR release notes state, it supports SAML ECP
profile. want to know, is it on IDP side or it supports both
IDP and SP side?
--
John
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev