Re: [keycloak-user] IDP SAMLV2.0 with Salesforce

Hi Bill, Thank you this worked out! I user is created with my name saml.henk.laracker(a)p***n.nl , do you have any idee why the “saml” prefix is added? Henk On 30/04/15 18:44, "Bill Burke" <bburke(a)redhat.com&gt; wrote: > Ok, I was able to get this to work. The problem was I had to set a > "profile" for the connected app on Salesforce. I added a "System > Adminstrator" profile to the Connected App and it worked. > > I'm not sure how to upload a app certificate yet. Not sure what format > Salesforce is looking for. > > On 4/30/2015 11:39 AM, Bill Burke wrote: >> I set up a salesforce example and looked at the login response SAML >> document. Looks like no assertion data is being sent back at all by >> salesforce. >> >> On 4/30/2015 9:43 AM, Bill Burke wrote: >>> i have no idea. Basically this error is stating that the login >>> response >>> saml document has no assertions within it. If there are no assertions, >>> then there has been no identity data sent. >>> >>> I'm looking now, but can you send me a link on how to set up Salesforce >>> as an IDP? Is one able to set up a free account and such? >>> >>> On 4/30/2015 9:25 AM, Henk Laracker wrote: >>>> Hi Bill, >>>> >>>> I don¹t know why I missed that, thanks! Salesforce respons know with >>>> the >>>> correct login page. After logging in in Salesforce, I¹m redirected to >>>> keycloak again with a internal error: >>>> >>>> Caused by: org.keycloak.broker.provider.IdentityBrokerException: >>>> Could not >>>> process response from SAML identity provider. >>>> at >>>> >>>> org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLE >>>> ndpo >>>> int.java:299) >>>> at >>>> >>>> org.keycloak.broker.saml.SAMLEndpoint$Binding.handleSamlResponse(SAMLEn >>>> dpoi >>>> nt.java:343) >>>> at >>>> >>>> org.keycloak.broker.saml.SAMLEndpoint$Binding.execute(SAMLEndpoint.java >>>> :169 >>>> ) >>>> at >>>> >>>> org.keycloak.broker.saml.SAMLEndpoint.postBinding(SAMLEndpoint.java:117 >>>> ) >>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>>> [rt.jar:1.8.0_45] >>>> at >>>> >>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.ja >>>> va:6 >>>> 2) [rt.jar:1.8.0_45] >>>> at >>>> >>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso >>>> rImp >>>> l.java:43) [rt.jar:1.8.0_45] >>>> at java.lang.reflect.Method.invoke(Method.java:497) [rt.jar:1.8.0_45] >>>> at >>>> >>>> org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.ja >>>> va:1 >>>> 37) [resteasy-jaxrs-3.0.10.Final.jar:] >>>> at >>>> >>>> org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMe >>>> thod >>>> Invoker.java:296) [resteasy-jaxrs-3.0.10.Final.jar:] >>>> at >>>> >>>> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvo >>>> ker. >>>> java:250) [resteasy-jaxrs-3.0.10.Final.jar:] >>>> at >>>> >>>> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(Res >>>> ourc >>>> eLocatorInvoker.java:140) [resteasy-jaxrs-3.0.10.Final.jar:] >>>> at >>>> >>>> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorIn >>>> voke >>>> r.java:109) [resteasy-jaxrs-3.0.10.Final.jar:] >>>> at >>>> >>>> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(Res >>>> ourc >>>> eLocatorInvoker.java:135) [resteasy-jaxrs-3.0.10.Final.jar:] >>>> at >>>> >>>> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorIn >>>> voke >>>> r.java:103) [resteasy-jaxrs-3.0.10.Final.jar:] >>>> at >>>> >>>> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatc >>>> her. >>>> java:356) [resteasy-jaxrs-3.0.10.Final.jar:] >>>> ... 39 more >>>> Caused by: org.keycloak.broker.provider.IdentityBrokerException: No >>>> assertion from response. >>>> at >>>> >>>> org.keycloak.broker.saml.SAMLEndpoint$Binding.getAssertion(SAMLEndpoint >>>> .jav >>>> a:309) >>>> at >>>> >>>> org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLE >>>> ndpo >>>> int.java:264) >>>> ... 54 more >>>> >>>> Any idea? >>>> >>>> Henk >>>> >>>> >>>> >>>> >>>> On 30/04/15 14:31, "Bill Burke" <bburke(a)redhat.com&gt; wrote: >>>> >>>>> You want to chain keycloak server to Salesforce? >>>>> >>>>> If you create a SAMLv2 IdentityProvider in keycloak that points to >>>>> Salesforce, you;ll see after you create it, an Export button. Click >>>>> that. That will create an entity descriptor with all the information >>>>> you need. >>>>> >>>>> On 4/30/2015 2:45 AM, Henk Laracker wrote: >>>>>> Hi, >>>>>> >>>>>> I like to use Salesforce as Identity Provider, the metadata >>>>>> provided by >>>>>> salesforce can be imported. >>>>>> But I need to specify the Service Provider in salesforce, I have to >>>>>> fill >>>>>> in a couple of fields, but two of them I don¹t understand (and are >>>>>> mandatory). Does someone have any clue >>>>>> >>>>>> 1. entity id , remark of salesforce : get this value from your >>>>>> serviceprovider >>>>>> 2. ACS URL, remark of slaesforce : The assertion consumer >>>>>> service. Get >>>>>> this value from your service provider. >>>>>> >>>>>> I have tried a lot of values but every-time I click the saml button >>>>>> on >>>>>> my app, it redirects to salesforce but I get a page with the error : >>>>>> Error: Unable to resolve request into a Service Provider >>>>>> >>>>>> Henk >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> keycloak-user mailing list >>>>>> keycloak-user(a)lists.jboss.org >>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>>>> >>>>> >>>>> -- >>>>> Bill Burke >>>>> JBoss, a division of Red Hat >>>>> http://bill.burkecentral.com >>>>> _______________________________________________ >>>>> keycloak-user mailing list >>>>> keycloak-user(a)lists.jboss.org >>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user >>>> >>> >> > > -- > Bill Burke > JBoss, a division of Red Hat > http://bill.burkecentral.com > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user