Re: [keycloak-user] AD FS - No assertion from response

What does your authnrequest look like? ADFS is really fickle about format. Common issues with the authnrequest are: 1. Nameidformat 2. Authncontextclassref 3. Sha1 signature #1 is the biggest issue I see. You need to write a claims rule in adfs to make sure it maps properly or just remove the nameidformat from the authnrequest. Marc Boorshtein CTO, Tremolo Security, Inc. On Jul 28, 2016 6:22 AM, "Robert van Loenhout" <r.vanloenhout(a)greenvalley.nl&gt; wrote: Hi, I’m trying to use Keycloak 2.0.0.Final with AD FS 2.0 as an identity provider. I think I’ve set up everything, but I am getting an internal error from keycloak. The server log contains 2016-07-28 11:08:32,510 ERROR [io.undertow.request] (default task-37) UT005023: Exception handling request to /auth/realms/adfs-realm/broker/adfs/endpoint: org.jboss.resteasy.spi.UnhandledException: org.keycloak.broker.provider.IdentityBrokerException: Could not process response from SAML identity provider. The root cause is “No assertion from response” So far the only information about this I have found so far is a keycloak issue ticket https://issues.jboss.org/browse/KEYCLOAK-3103 Has anyone got any luck using AD FS in combination with keycloak? Is there any configuration I could change in AD FS or Keycloak or workaround this problem? _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user