Ok, I was able to get this to work. The problem was I had to set a
"profile" for the connected app on Salesforce. I added a "System
Administrator" profile to the Connected App and it worked.

I'm not sure how to upload an app certificate yet. Not sure what format
Salesforce is looking for.

On 4/30/2015 11:39 AM, Bill Burke wrote:
I set up a Salesforce example and looked at the login response SAML
document. Looks like no assertion data is being sent back at all by
Salesforce.

On 4/30/2015 9:43 AM, Bill Burke wrote:
> I have no idea. Basically this error is stating that the login response
> SAML document has no assertions within it. If there are no assertions,
> then there has been no identity data sent.
>
> I'm looking now, but can you send me a link on how to set up Salesforce
> as an IDP? Is one able to set up a free account and such?
>
> On 4/30/2015 9:25 AM, Henk Laracker wrote:
>> Hi Bill,
>>
>> I don't know why I missed that, thanks! Salesforce responds now with the
>> correct login page. After logging in to Salesforce, I'm redirected to
>> Keycloak again with an internal error:
>>
>> Caused by: org.keycloak.broker.provider.IdentityBrokerException: Could not process response from SAML identity provider.
>>     at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpoint.java:299)
>>     at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleSamlResponse(SAMLEndpoint.java:343)
>>     at org.keycloak.broker.saml.SAMLEndpoint$Binding.execute(SAMLEndpoint.java:169)
>>     at org.keycloak.broker.saml.SAMLEndpoint.postBinding(SAMLEndpoint.java:117)
>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_45]
>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_45]
>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_45]
>>     at java.lang.reflect.Method.invoke(Method.java:497) [rt.jar:1.8.0_45]
>>     at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137) [resteasy-jaxrs-3.0.10.Final.jar:]
>>     at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296) [resteasy-jaxrs-3.0.10.Final.jar:]
>>     at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:250) [resteasy-jaxrs-3.0.10.Final.jar:]
>>     at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:140) [resteasy-jaxrs-3.0.10.Final.jar:]
>>     at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:109) [resteasy-jaxrs-3.0.10.Final.jar:]
>>     at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:135) [resteasy-jaxrs-3.0.10.Final.jar:]
>>     at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:103) [resteasy-jaxrs-3.0.10.Final.jar:]
>>     at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356) [resteasy-jaxrs-3.0.10.Final.jar:]
>>     ... 39 more
>> Caused by: org.keycloak.broker.provider.IdentityBrokerException: No assertion from response.
>>     at org.keycloak.broker.saml.SAMLEndpoint$Binding.getAssertion(SAMLEndpoint.java:309)
>>     at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpoint.java:264)
>>     ... 54 more
>>
>> Any idea?
>>
>> Henk
>>
>>
>>
>>
>> On 30/04/15 14:31, "Bill Burke" <bburke(a)redhat.com> wrote:
>>
>>> You want to chain keycloak server to Salesforce?
>>>
>>> If you create a SAMLv2 IdentityProvider in keycloak that points to
>>> Salesforce, you'll see after you create it, an Export button. Click
>>> that. That will create an entity descriptor with all the information
>>> you need.
>>>
>>> On 4/30/2015 2:45 AM, Henk Laracker wrote:
>>>> Hi,
>>>>
>>>> I'd like to use Salesforce as Identity Provider; the metadata provided by
>>>> Salesforce can be imported.
>>>> But I need to specify the Service Provider in Salesforce. I have to fill
>>>> in a couple of fields, but two of them I don't understand (and they are
>>>> mandatory). Does someone have any clue?
>>>>
>>>> 1. Entity ID, remark of Salesforce: get this value from your
>>>> service provider
>>>> 2. ACS URL, remark of Salesforce: The assertion consumer service. Get
>>>> this value from your service provider.
>>>>
>>>> I have tried a lot of values but every time I click the SAML button on
>>>> my app, it redirects to Salesforce but I get a page with the error:
>>>> Error: Unable to resolve request into a Service Provider
>>>>
>>>> Henk
>>>>
>>>>
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user(a)lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>
>>>
>>> --
>>> Bill Burke
>>> JBoss, a division of Red Hat
>>> http://bill.burkecentral.com
>>
>
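
The manual check described in the thread (opening the login response SAML document to see whether it carries any assertion) can be scripted. This is an added example, not part of the original thread or Keycloak's code; `diagnose_saml_response`, `build_sample` and the sample responses are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"


def diagnose_saml_response(b64_response):
    """Report status and assertion counts of a POST-binding SAMLResponse.

    Diagnostic only: nothing here validates signatures or conditions.
    """
    xml_bytes = base64.b64decode(b64_response)
    # SAML messages never need a DTD; refuse one rather than let the parser expand it.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not allowed")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response document")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    status = code.get("Value") if code is not None else None
    plain = len(root.findall("saml:Assertion", NS))
    encrypted = len(root.findall("saml:EncryptedAssertion", NS))
    if status != SUCCESS:
        verdict = "idp-reported-failure"       # IdP refused; no identity data to expect
    elif plain + encrypted == 0:
        verdict = "success-without-assertion"  # malformed: nothing to broker
    else:
        verdict = "assertion-present"          # still must be signature-checked by the SP
    return {"status": status, "assertions": plain,
            "encrypted": encrypted, "verdict": verdict}


def build_sample(status, inner=""):
    """Constructed sample response (not captured from Salesforce or Keycloak)."""
    xml = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="_r1" Version="2.0">'
           '<samlp:Status><samlp:StatusCode Value="%s"/></samlp:Status>%s'
           '</samlp:Response>' % (NS["samlp"], NS["saml"], status, inner))
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    samples = {
        "refused": build_sample("urn:oasis:names:tc:SAML:2.0:status:Responder"),
        "empty": build_sample(SUCCESS),
        "normal": build_sample(SUCCESS, '<saml:Assertion ID="_a1" Version="2.0"/>'),
    }
    for name, value in samples.items():
        print(name, diagnose_saml_response(value))
```

The input is the base64 value of the `SAMLResponse` form field posted to the broker endpoint, as captured with a browser's network tools.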