Could you please file a KEYCLOAK JIRA for improving the documentation here?
There's a link ("Report an issue") in the relevant section which you can
use for that.
On Mon, May 21, 2018 at 8:29 AM, Leonid Rozenblyum <lrozenblyum(a)gmail.com>
wrote:
Thank you very much!
It would be a great idea to enrich the documentation on KeyCloak SAML
Tomcat adapter with the info about the mandatory Master SAML Processing URL.
It would be a life saver!
On Fri, May 18, 2018 at 5:34 PM, Qiang He <Qiang.He(a)lombardrisk.com>
wrote:
> No, you don’t need to set up any listener. The adapter will automatically
> handle the url.
>
> Only when you don’t want to install the adapter in Tomcat, and want to use
> the pure servlet in your SP application, you need to set up a listener for
> the /saml url.
>
> *From:* Leonid Rozenblyum [mailto:lrozenblyum@gmail.com]
> *Sent:* 18 May 2018 14:53
> *To:* Qiang He <Qiang.He(a)lombardrisk.com>; keycloak-user(a)lists.jboss.org
> *Subject:* Re: [keycloak-user] Tomcat SAML Client adapter and infinite
> redirect
>
>
>
> Thank you very much Qiang He!
>
>
>
> My Master SAML Processing URL was NOT set at all in keycloak (I wasn't
> aware it should be set... Before trying keycloak SAML tomcat adapter I've
> tried spring security saml extension and it didn't require this URL...)
>
>
>
> I've set it up now to <host:port>/<mywebapp>/saml
>
>
>
> It looks like the infinite redirect issue has been solved!
>
>
>
> Do I need to set up something else e.g. some listener on this /saml url or
> tomcat adapter automatically sets up something listening to this url?
>
> On Fri, May 18, 2018 at 11:25 AM, Qiang He <Qiang.He(a)lombardrisk.com>
> wrote:
>
> What's your Master SAML Processing URL in the Clients settings in the
> keycloak server? Make sure it ends with "/saml",
>
> Or in your client adapter setting, set the ACS URL ending with /rest, as
> per the document mentioned (copied below):
>
> assertionConsumerServiceUrl
> URL of the assertion consumer service (ACS) where the IDP login service
> should send responses to. This setting is OPTIONAL. By default it is unset,
> relying on the configuration in the IdP. When set, it must end in /saml,
> e.g. http://sp.domain.com/my/endpoint/for/saml. The value of this
> property is sent in AssertionConsumerServiceURL attribute of SAML
> AuthnRequest message. This property is typically accompanied by the
> responseBinding attribute.
>
>
>
>
> -----Original Message-----
> From: keycloak-user-bounces(a)lists.jboss.org [mailto:keycloak-user-bounces@lists.jboss.org] On Behalf Of Leonid Rozenblyum
> Sent: 17 May 2018 21:06
> To: keycloak-user(a)lists.jboss.org
> Subject: [keycloak-user] Tomcat SAML Client adapter and infinite redirect
>
> Hello everybody.
> I'm trying to set up Tomcat <-> Keycloak SAML integration.
> I've got stuck with the infinite redirect issue: after successful
> authentication I'm returned back to Tomcat Web app (to its protected
> resource) and then redirected back to keycloak with message YOU ARE
> ALREADY LOGGED IN.
>
> Keycloak 3.4.3
> Tomcat 8
>
> The problem is practically the same as described:
> https://stackoverflow.com/questions/43452853/unable-to-redirect-to-my-tomcat-application-after-keycloak-login
>
> The problem is reproduced when I try to load http://localhost:8080/lr/protected
> (the web application is attached).
>
> Thanks for every advice!
>
>
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
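
The check discussed in this thread, as an added example (not part of the original messages and not Keycloak code): a small Python lint that reads a `keycloak-saml.xml` adapter config and reports when neither the adapter's `assertionConsumerServiceUrl` nor the client's Master SAML Processing URL ends in `/saml`. The sample XML, hosts, entity IDs and the function names `ends_in_saml` and `check_acs` are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample keycloak-saml.xml; hosts and entity IDs are placeholders.
SAMPLE = """<keycloak-saml-adapter xmlns="urn:keycloak:saml:adapter">
  <SP entityID="lr-app" sslPolicy="EXTERNAL">
    <IDP entityID="idp">
      <SingleSignOnService requestBinding="POST"
          bindingUrl="http://localhost:8180/auth/realms/demo/protocol/saml"
          assertionConsumerServiceUrl="http://localhost:8080/lr/protected"/>
    </IDP>
  </SP>
</keycloak-saml-adapter>"""


def ends_in_saml(url):
    """True if the URL path ends in /saml (query string and fragment ignored)."""
    return urlsplit(url).path.endswith("/saml")


def check_acs(adapter_xml, master_processing_url=None):
    """Return a list of findings; an empty list means the endpoint setup is consistent.

    master_processing_url is the value typed into the client's
    "Master SAML Processing URL" field on the Keycloak server, if any.
    """
    root = ET.fromstring(adapter_xml)
    # Match on the local name so the check works with or without the XML namespace.
    sso = [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == "SingleSignOnService"]
    if not sso:
        return ["no SingleSignOnService element found"]
    findings = []
    for el in sso:
        acs = el.get("assertionConsumerServiceUrl")
        if acs is None:
            # Adapter relies on the IdP-side configuration for the response URL.
            if not master_processing_url:
                findings.append("ACS URL unset in adapter and no Master SAML Processing URL on the client")
            elif not ends_in_saml(master_processing_url):
                findings.append("Master SAML Processing URL does not end in /saml: " + master_processing_url)
        elif not ends_in_saml(acs):
            findings.append("assertionConsumerServiceUrl does not end in /saml: " + acs)
    return findings


if __name__ == "__main__":
    for finding in check_acs(SAMPLE):
        print("FINDING:", finding)
```
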