It's in master, will be in next release.
On 6/1/2015 3:06 PM, Henk Laracker wrote:
Hi Bill,
Can you please help me out with how I have to make a mapping so that I can
remove the prefix?
Met vriendelijke groet / Yours sincerely / Mit freundlichen Grüßen / Très
cordialement,
Henk Laracker
On 01/05/15 14:52, "Bill Burke" <bburke(a)redhat.com> wrote:
> I'll add a username mapper.
>
> On 5/1/2015 8:48 AM, Bill Burke wrote:
>> You can map the SAML/OIDC assertion/token that is sent to your
>> applications however you want.
>>
>> On 4/30/2015 9:23 PM, Raghu Prabhala wrote:
>>> Bill - That would be an issue for us as we cannot manipulate the values
>>> (especially username) sent by an external IDP which is the authoritative
>>> source of user information. We will have to figure out another way,
>>> perhaps, an internal KC user attribute that can be made unique to
>>> prevent name clashes.
>>>
>>> Thanks,
>>> Raghu
>>>
>>> ------------------------------------------------------------------------
>>> *From:* Bill Burke <bburke(a)redhat.com>
>>> *To:* Henk Laracker <Henk.Laracker(a)planonsoftware.com>;
>>> "keycloak-user(a)lists.jboss.org" <keycloak-user(a)lists.jboss.org>
>>> *Sent:* Thursday, April 30, 2015 7:26 PM
>>> *Subject:* Re: [keycloak-user] IDP SAMLV2.0 with Salesforce
>>>
>>> Right now, the username is prefixed with the broker name. This is to
>>> avoid name clashes if you are brokering multiple IDPs (i.e. multiple
>>> social providers).
>>>
>>> On 4/30/2015 2:51 PM, Henk Laracker wrote:
>>> > Hi Bill,
>>> >
>>> > Thank you, this worked out! A user is created with my name
>>> > saml.henk.laracker@p***n.nl, do you have any idea why the “saml” prefix
>>> > is added?
>>> >
>>> >
>>> > Henk
>>> >
>>> > On 30/04/15 18:44, "Bill Burke" <bburke(a)redhat.com> wrote:
>>> >
>>> >> Ok, I was able to get this to work. The problem was I had to set a
>>> >> "profile" for the connected app on Salesforce. I added a "System
>>> >> Administrator" profile to the Connected App and it worked.
>>> >>
>>> >> I'm not sure how to upload an app certificate yet. Not sure what format
>>> >> Salesforce is looking for.
>>> >>
>>> >> On 4/30/2015 11:39 AM, Bill Burke wrote:
>>> >>> I set up a salesforce example and looked at the login response SAML
>>> >>> document. Looks like no assertion data is being sent back at all by
>>> >>> salesforce.
>>> >>>
>>> >>> On 4/30/2015 9:43 AM, Bill Burke wrote:
>>> >>>> I have no idea. Basically this error is stating that the login response
>>> >>>> saml document has no assertions within it. If there are no assertions,
>>> >>>> then there has been no identity data sent.
>>> >>>>
>>> >>>> I'm looking now, but can you send me a link on how to set up Salesforce
>>> >>>> as an IDP? Is one able to set up a free account and such?
>>> >>>>
>>> >>>> On 4/30/2015 9:25 AM, Henk Laracker wrote:
>>> >>>>> Hi Bill,
>>> >>>>>
>>> >>>>> I don't know why I missed that, thanks! Salesforce responds now with the
>>> >>>>> correct login page. After logging in in Salesforce, I'm redirected to
>>> >>>>> keycloak again with an internal error:
>>> >>>>>
>>> >>>>> Caused by: org.keycloak.broker.provider.IdentityBrokerException: Could not process response from SAML identity provider.
>>> >>>>>     at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpoint.java:299)
>>> >>>>>     at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleSamlResponse(SAMLEndpoint.java:343)
>>> >>>>>     at org.keycloak.broker.saml.SAMLEndpoint$Binding.execute(SAMLEndpoint.java:169)
>>> >>>>>     at org.keycloak.broker.saml.SAMLEndpoint.postBinding(SAMLEndpoint.java:117)
>>> >>>>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_45]
>>> >>>>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_45]
>>> >>>>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_45]
>>> >>>>>     at java.lang.reflect.Method.invoke(Method.java:497) [rt.jar:1.8.0_45]
>>> >>>>>     at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137) [resteasy-jaxrs-3.0.10.Final.jar:]
>>> >>>>>     at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296) [resteasy-jaxrs-3.0.10.Final.jar:]
>>> >>>>>     at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:250) [resteasy-jaxrs-3.0.10.Final.jar:]
>>> >>>>>     at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:140) [resteasy-jaxrs-3.0.10.Final.jar:]
>>> >>>>>     at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:109) [resteasy-jaxrs-3.0.10.Final.jar:]
>>> >>>>>     at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:135) [resteasy-jaxrs-3.0.10.Final.jar:]
>>> >>>>>     at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:103) [resteasy-jaxrs-3.0.10.Final.jar:]
>>> >>>>>     at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356) [resteasy-jaxrs-3.0.10.Final.jar:]
>>> >>>>>     ... 39 more
>>> >>>>> Caused by: org.keycloak.broker.provider.IdentityBrokerException: No assertion from response.
>>> >>>>>     at org.keycloak.broker.saml.SAMLEndpoint$Binding.getAssertion(SAMLEndpoint.java:309)
>>> >>>>>     at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpoint.java:264)
>>> >>>>>     ... 54 more
>>> >>>>>
>>> >>>>> Any idea?
>>> >>>>>
>>> >>>>> Henk
>>> >>>>>
>>> >>>>>
>>> >>>>>
>>> >>>>>
>>> >>>>> On 30/04/15 14:31, "Bill Burke" <bburke(a)redhat.com> wrote:
>>> >>>>>
>>> >>>>>> You want to chain keycloak server to Salesforce?
>>> >>>>>>
>>> >>>>>> If you create a SAMLv2 IdentityProvider in keycloak that points to
>>> >>>>>> Salesforce, you'll see after you create it, an Export button. Click
>>> >>>>>> that. That will create an entity descriptor with all the information
>>> >>>>>> you need.
>>> >>>>>>
>>> >>>>>> On 4/30/2015 2:45 AM, Henk Laracker wrote:
>>> >>>>>>> Hi,
>>> >>>>>>>
>>> >>>>>>> I like to use Salesforce as Identity Provider, the metadata provided by
>>> >>>>>>> salesforce can be imported.
>>> >>>>>>> But I need to specify the Service Provider in salesforce, I have to fill
>>> >>>>>>> in a couple of fields, but two of them I don't understand (and are
>>> >>>>>>> mandatory). Does someone have any clue
>>> >>>>>>>
>>> >>>>>>> 1. entity id, remark of salesforce: get this value from your
>>> >>>>>>>    service provider
>>> >>>>>>> 2. ACS URL, remark of salesforce: The assertion consumer service. Get
>>> >>>>>>>    this value from your service provider.
>>> >>>>>>>
>>> >>>>>>> I have tried a lot of values but every time I click the saml button on
>>> >>>>>>> my app, it redirects to salesforce but I get a page with the error:
>>> >>>>>>> Error: Unable to resolve request into a Service Provider
>>> >>>>>>>
>>> >>>>>>> Henk
>>> >>>>>>>
>>> >>>>>>>
>>> >>>>>>>
>>> >>>>>>> _______________________________________________
>>> >>>>>>> keycloak-user mailing list
>>> >>>>>>> keycloak-user(a)lists.jboss.org
>>> >>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>> >>>>>>>
>>> >>>>>>
>>> >>>>>> --
>>> >>>>>> Bill Burke
>>> >>>>>> JBoss, a division of Red Hat
>>> >>>>>> http://bill.burkecentral.com
>>> >>>>>
>>> >>>>
>>> >>>
>>> >>
>>> >> --
>>> >> Bill Burke
>>> >> JBoss, a division of Red Hat
>>> >> http://bill.burkecentral.com
>>> >
>>>
>>> --
>>> Bill Burke
>>> JBoss, a division of Red Hat
>>> http://bill.burkecentral.com
>>>
>>>
>>
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
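
The "No assertion from response" diagnosis in this thread (a login response with no assertions carries no identity data) can be checked directly on a captured `SAMLResponse` form value. The following is an added example, not part of the original thread and not Keycloak code; `inspect_saml_response`, `build_sample` and both sample documents are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"


def inspect_saml_response(b64_response):
    """Summarise a captured POST-binding SAMLResponse form value.

    Diagnostic only: it does not verify signatures or decrypt anything.
    """
    xml_bytes = base64.b64decode(b64_response)
    # Captured responses are untrusted input: refuse DTDs before parsing.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration in SAML document")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response: %r" % root.tag)
    # StatusCode can nest: a top-level code with an optional sub-code.
    codes = [c.get("Value")
             for c in root.iterfind("samlp:Status//samlp:StatusCode", NS)]
    plain = len(root.findall("saml:Assertion", NS))
    encrypted = len(root.findall("saml:EncryptedAssertion", NS))
    if plain or encrypted:
        diagnosis = "assertion present"
    elif codes[:1] == [SUCCESS]:
        diagnosis = "Success status but no assertion: check the IdP side"
    else:
        diagnosis = "IdP reported a failure status and sent no identity data"
    return {"status_codes": codes, "assertions": plain,
            "encrypted_assertions": encrypted, "diagnosis": diagnosis}


def build_sample(body):
    # Constructed sample documents, not taken from the thread.
    xml = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" '
           'ID="_constructed" Version="2.0">'
           '<samlp:Status><samlp:StatusCode Value="%s"/></samlp:Status>%s'
           '</samlp:Response>' % (NS["samlp"], NS["saml"], SUCCESS, body))
    return base64.b64encode(xml.encode())


EMPTY_RESPONSE = build_sample("")
WITH_ASSERTION = build_sample('<saml:Assertion ID="_a1" Version="2.0"/>')

if __name__ == "__main__":
    for name, doc in (("empty", EMPTY_RESPONSE), ("with assertion", WITH_ASSERTION)):
        print(name, inspect_saml_response(doc))
```
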