Re: [keycloak-user] Import External IDP Config

Hi, This is the metadata file which give a feedback that everything is ok, but nothing is read: <?xml version="1.0" encoding="UTF-8"?> <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="_17f4835f-df3b-41eb-bf98-4321cdab2bf6" entityID="http://bla.com/trust"> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /> <ds:Reference URI="#_17f4835f-df3b-41eb-bf98-4321cdab2bf6"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /> <ds:DigestValue>mErB5PiBx2+KMZYu8prJSZxSy6o4FeJc/OZUuckhie0=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>iUfHqj48oYZA+sy+mogIJG3ooSl4l/XBE1NCnnSYzqxHgftNXqLBMcgldnIIiDwwGXyKAHN5d7aFk3FbURwQ1/1V4LlaUrh8Ppm82/DXTJDLrLyyj1zk/5FBsSRW8gW3roB0+LCAE+xzr4qKWiCtVroIPwTP1wyGwdpfiF+RUd9EnRdPmRDb3hYV3/77tXBfsbDv0bz5EPzbAmsXaufndjpnuDluz5kddJyjdjX/77MCpTdBR2oLWx6/lxH2ZGEJf/MtyMB58TnmPLFQ5sHW9S2KkO3ODGbpy1+rw5/sYe5TFYYWGhIu7+uHGuhl94k4x/i1N1ch9Zs02Ou1V6CmOg==</ds:SignatureValue> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <X509Data> <X509Certificate>MIIC5jCCAc6gAwIBAgIQXn1r5kqQao9JlOksbxZDXjANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDEyRBREZTIFNpZ25pbmcgLSBhZGZzLmRpcmVjdGVuZXJneS5jb20wHhcNMTUwMTIzMjIwNDM0WhcNMTYwMTIzMjIwNDM0WjAvMS0wKwYDVQQDEyRBREZTIFNpZ25pbmcgLSBhZGZzLmRpcmVjdGVuZXJneS5jb20wggEiLA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDilI+XZfNZ/b2pQWeqDLVyXEIn+6BL3KcAv/R0tRtC2mlnQFpf3uHxF8sd3kdHcexB/ugihNvVdZJExlnkKCoL8kvNFGeDc0T9vOItd2A/Hm1WCRtqc+cZ/z9uPwqZxnRTjEfCn+X/mbCrG4VQbeMsGy/UKib5WUUuXpnjOaaZmfIoTMeJ0vMj9GBZUGBJu56bbiWOK/mYsXy8Xb2uNf7uXvFmWcAIriZMhHgML6KhDHeqhu3QAwrXEbp4co5+FSNaaelUHhrDxz/0yc9Lxmuf+OnKJu/CYcdAQPzaFvn33ceJE/yJDe2lYFocSx0930lM5Q/SWMMGT+OvQZVsDaLTAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAKe6zgWy6jIOFCCyTtA/9NFaJP54GnSOhRpbApK+PvPDUBjRUj5hpWMKg9O964HofAorO5KZOsiPMfKI5dAfLzAgts0n0ji41UMGbnpTKJ3N9pWTsTG1s+sTOA63mmIRms+So/y/JsA3YWa+Apx9EvB/GkOrT9vRIbCz31bMAY9ohwMyhfYv7i5qLjWYnbF19ioLHvO527nfr8XcsSNYJLkHt3VMWX2Q1OfjgWN/XFkBY/Moj0J/PUkXDii928RAfylLD3JZdeuhw5kQBOvWFh8BiVQpvaETZcGeUzit6O1072kDfq+UGOMSUB9DOQde2/4nExr6Qr6XW9vp3JetmPU=</X509Certificate> </X509Data> </KeyInfo> </ds:Signature> <RoleDescriptor xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="fed:ApplicationServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trus... http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="bla.com"> <KeyDescriptor use="encryption"> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <X509Data> <X509Certificate>MIIC7DCCAdSgAwIBAgIQdtaCBGq5JZlHSOqPMWkKjjANBgkqhkiG9w0BAQsFADAyMTAwLgYDVQQDEydBREZTIEVuY3J5cHRpb24gLSBhZGZzLmRpcmVjdGVuZXJneS5jb20wHhcNMTUwMTIzMjIwNDI2WhcNMTYwMTIzMjIwNDI2WjAyMTAwLgYDVQQDEydBREZTIEVuY3J5cHRpb24gLSBhZGZzLmSpcmVjdGVuZXJneS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKq1rfU0BsBW8cEPxpla6sWZhEA7AvTPFiNUJ8B1Ih3O01A6dq7mGycTHdxG+m3ZIUcCmihExjxrGRT4pd9f78uJCCHxm+gBfq8gHgA2gml/jtxeRRc4h8cl3qgBdTdpyEN6dFLbGYRgNo1JIDSJzSrNbmNggoKpzuWLMBjJ2AHfnG6hAzJWtvM2phf88WbWoxYAQmm1Fq3Usy6WgYFg+Iz1Z4XEgAB35bG4nmqROU4U3djmR4DxZup4zbKi422t32tFy8MU/VEshiREKB22BcxNHTXi1YHXNtCQixMcOvK21w/Ha1o8AypZ9yBBj3cfwTJ9NLO4Xf9+Mf9FeA6BgZAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAKJHmw9MjdjXYf9q4Szo76xDfZC1jV+MXPizPEKzujjF5V90u6WWWbmR4ye9zT6nuMfFP7fNbm46A9yhuUiqeXpLQP80rC7d5XJeEhIhogLRH6xJXKOF5XVbN0RGi7ARTHsEzjyuZWs2N2ibPU55gLTlGTr/aW7jbs5UWEXG2ymM4SmiAUQbG8bRXNI6bQYe7Db2XEZ4H2D8TUMcHn0LtTF+dhpQTOep9Yf8/6Qdci/6FptSfi4nNPPKzvGfBu9uVaeCl/aGI3LA8QYIPbdIfUoJge5ym04j9sUVW7fkyWY8WkmQPZHntjeTYkBH4nLUH/OkLCa1KC6a3K67cp3j6AE=</X509Certificate> </X509Data> </KeyInfo> </KeyDescriptor> <fed:ClaimTypesRequested> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddr... Optional="true"> <auth:DisplayName>E-Mail Address</auth:DisplayName> <auth:Description>The e-mail address of the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname... Optional="true"> <auth:DisplayName>Given Name</auth:DisplayName> <auth:Description>The given name of the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> <auth:DisplayName>Name</auth:DisplayName> <auth:Description>The unique name of the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> <auth:DisplayName>UPN</auth:DisplayName> <auth:Description>The user principal name (UPN) of the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> <auth:DisplayName>Common Name</auth:DisplayName> <auth:Description>The common name of the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"> <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or ADFS 1.0</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> <auth:DisplayName>Group</auth:DisplayName> <auth:Description>A group that the user is a member of</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"> <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or ADFS 1.0</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> <auth:DisplayName>Role</auth:DisplayName> <auth:Description>A role that the user has</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname&q... Optional="true"> <auth:DisplayName>Surname</auth:DisplayName> <auth:Description>The surname of the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepe... Optional="true"> <auth:DisplayName>PPID</auth:DisplayName> <auth:Description>The private identifier of the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameident... Optional="true"> <auth:DisplayName>Name ID</auth:DisplayName> <auth:Description>The SAML name identifier of the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authent... Optional="true"> <auth:DisplayName>Authentication time stamp</auth:DisplayName> <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authent... Optional="true"> <auth:DisplayName>Authentication method</auth:DisplayName> <auth:Description>The method used to authenticate the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlys... Optional="true"> <auth:DisplayName>Deny only group SID</auth:DisplayName> <auth:Description>The deny-only group SID of the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonl... Optional="true"> <auth:DisplayName>Deny only primary SID</auth:DisplayName> <auth:Description>The deny-only primary SID of the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonl... Optional="true"> <auth:DisplayName>Deny only primary group SID</auth:DisplayName> <auth:Description>The deny-only primary group SID of the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsi... Optional="true"> <auth:DisplayName>Group SID</auth:DisplayName> <auth:Description>The group SID of the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primary... Optional="true"> <auth:DisplayName>Primary group SID</auth:DisplayName> <auth:Description>The primary group SID of the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primary... Optional="true"> <auth:DisplayName>Primary SID</auth:DisplayName> <auth:Description>The primary SID of the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windows... Optional="true"> <auth:DisplayName>Windows account name</auth:DisplayName> <auth:Description>The domain account name of the user in the form of &lt;domain&gt;\&lt;user&gt;</auth:Description> </auth:ClaimType> </fed:ClaimTypesRequested> <fed:TargetScopes> <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> <Address>https://bla.com/adfs/services/trust/2005/issuedtokenmixedasymm... </EndpointReference> <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> <Address>https://bla.com/adfs/services/trust/2005/issuedtokenmixedsymme... </EndpointReference> <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> <Address>https://bla.com/adfs/services/trust/13/issuedtokenmixedasymmet... </EndpointReference> <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> <Address>https://bla.com/adfs/services/trust/13/issuedtokenmixedsymmetr... </EndpointReference> <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> <Address>https://bla.com/adfs/ls/</Address> </EndpointReference> <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> <Address>http://bla.com/adfs/services/trust</Address> </EndpointReference> </fed:TargetScopes> <fed:ApplicationServiceEndpoint> <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> <Address>https://bla.com/adfs/services/trust/2005/issuedtokenmixedasymm... </EndpointReference> </fed:ApplicationServiceEndpoint> <fed:PassiveRequestorEndpoint> <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> <Address>https://bla.com/adfs/ls/</Address> </EndpointReference> </fed:PassiveRequestorEndpoint> </RoleDescriptor> <RoleDescriptor xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="http://docs.oasis-open.org/ws-sx/ws-trus... http://schemas.xmlsoap.org/ws/2005/02/trust http://docs.oasis-open.org/wsfed/federation/200706" ServiceDisplayName="bla.com"> <KeyDescriptor use="signing"> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <X509Data> <X509Certificate>MIIC5jCCAc6gAwIBAgIQXn1r5kqQao9JlOksbxZDXjANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDEyRBREZTIFNpZ25pbmcgLSBhZGZzLmRpcmVjdGVuZXJneS5jb20wHhcNMTUwMTIzMjIwNDM0WhcNMTYwMTIzMjIwNDM0WjAvMS0wKwYDVQQDEyRBREZTIFNpZ25pbmcgLSBhZGZzLmRpcmVjdGVuZXJneS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDilI+XZfNZ/b2pQWeqDLVyXEIn+6BL3KcAv/R0tRtC2mlnQFpf3uHxF8sd3kdHcexB/ugihNvVdZJExlnkKCoL8kvNFGeDc0T9vOItd2A/Hm1WCRtqc+cZ/z9uPwqZxnRTjEfCn+X/mbCrG4VQbeMsGy/UKib5WUUuXpnjOaaZmfIoTMeJ0vLj9GBZUGBJu56bbiWOK/mYsXy8Xb2uNf7uXvFmWcAIriZMhHgML6KhDHeqhu3QAwrXEbp4co5+FSNaaelUHhrDxz/0yc9Lxmuf+OnKJu/CYcdAQPzaFvn33ceJE/yJDe2lYFocSx0930lM5Q/SWMMGT+OvQZVsDaLTAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAKe6zgWy6jIOFCCyTtA/9NFaJP54GnSOhRpbApK+PvPDUBjRUj5hpWMKg9O964HofAorO5VZOsiPMfKI5dAfLzAgts0n0ji41UMGbnpTKJ3N9pWTsTG1s+sTOA63mmIRms+So/y/JsA3YWa+Apx9EvB/GkOrT9vRIbCz31bMAY6ohwMyhfYv7i5qLjWYnbF19ioLHvO527nfr8XcsSNYJLkHt3VMWX2Q1OfjgWN/XFkBY/Moj0J/PUkXDii928RAfylLD3JZdeuhw5kQBOvWFh8BiVQpvaETZcGeUzit6O1072kDfq+UGOMSUB9DOQde2/4nExr6Qr6XW9vp3JetmPU=</X509Certificate> </X509Data> </KeyInfo> </KeyDescriptor> <fed:TokenTypesOffered> <fed:TokenType Uri="urn:oasis:names:tc:SAML:2.0:assertion" /> <fed:TokenType Uri="urn:oasis:names:tc:SAML:1.0:assertion" /> </fed:TokenTypesOffered> <fed:ClaimTypesOffered> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddr... Optional="true"> <auth:DisplayName>E-Mail Address</auth:DisplayName> <auth:Description>The e-mail address of the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname... Optional="true"> <auth:DisplayName>Given Name</auth:DisplayName> <auth:Description>The given name of the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" Optional="true"> <auth:DisplayName>Name</auth:DisplayName> <auth:Description>The unique name of the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" Optional="true"> <auth:DisplayName>UPN</auth:DisplayName> <auth:Description>The user principal name (UPN) of the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/CommonName" Optional="true"> <auth:DisplayName>Common Name</auth:DisplayName> <auth:Description>The common name of the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/EmailAddress" Optional="true"> <auth:DisplayName>AD FS 1.x E-Mail Address</auth:DisplayName> <auth:Description>The e-mail address of the user when interoperating with AD FS 1.1 or ADFS 1.0</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/Group" Optional="true"> <auth:DisplayName>Group</auth:DisplayName> <auth:Description>A group that the user is a member of</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/claims/UPN" Optional="true"> <auth:DisplayName>AD FS 1.x UPN</auth:DisplayName> <auth:Description>The UPN of the user when interoperating with AD FS 1.1 or ADFS 1.0</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/role" Optional="true"> <auth:DisplayName>Role</auth:DisplayName> <auth:Description>A role that the user has</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname&q... Optional="true"> <auth:DisplayName>Surname</auth:DisplayName> <auth:Description>The surname of the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepe... Optional="true"> <auth:DisplayName>PPID</auth:DisplayName> <auth:Description>The private identifier of the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameident... Optional="true"> <auth:DisplayName>Name ID</auth:DisplayName> <auth:Description>The SAML name identifier of the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authent... Optional="true"> <auth:DisplayName>Authentication time stamp</auth:DisplayName> <auth:Description>Used to display the time and date that the user was authenticated</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/authent... Optional="true"> <auth:DisplayName>Authentication method</auth:DisplayName> <auth:Description>The method used to authenticate the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlys... Optional="true"> <auth:DisplayName>Deny only group SID</auth:DisplayName> <auth:Description>The deny-only group SID of the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonl... Optional="true"> <auth:DisplayName>Deny only primary SID</auth:DisplayName> <auth:Description>The deny-only primary SID of the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonl... Optional="true"> <auth:DisplayName>Deny only primary group SID</auth:DisplayName> <auth:Description>The deny-only primary group SID of the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsi... Optional="true"> <auth:DisplayName>Group SID</auth:DisplayName> <auth:Description>The group SID of the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primary... Optional="true"> <auth:DisplayName>Primary group SID</auth:DisplayName> <auth:Description>The primary group SID of the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/primary... Optional="true"> <auth:DisplayName>Primary SID</auth:DisplayName> <auth:Description>The primary SID of the user</auth:Description> </auth:ClaimType> <auth:ClaimType xmlns:auth="http://docs.oasis-open.org/wsfed/authorization/200706" Uri="http://schemas.microsoft.com/ws/2008/06/identity/claims/windows... Optional="true"> <auth:DisplayName>Windows account name</auth:DisplayName> <auth:Description>The domain account name of the user in the form of &lt;domain&gt;\&lt;user&gt;</auth:Description> </auth:ClaimType> </fed:ClaimTypesOffered> <fed:SecurityTokenServiceEndpoint> <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> <Address>https://bla.com/adfs/services/trust/2005/certificatemixed</... <Metadata> <Metadata xmlns="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <wsx:MetadataSection xmlns="" Dialect="http://schemas.xmlsoap.org/ws/2004/09/mex"> <wsx:MetadataReference> <Address xmlns="http://www.w3.org/2005/08/addressing">https://bla.com... </wsx:MetadataReference> </wsx:MetadataSection> </Metadata> </Metadata> </EndpointReference> </fed:SecurityTokenServiceEndpoint> <fed:PassiveRequestorEndpoint> <EndpointReference xmlns="http://www.w3.org/2005/08/addressing"> <Address>https://bla.com/adfs/ls/</Address> </EndpointReference> </fed:PassiveRequestorEndpoint> </RoleDescriptor> <SPSSODescriptor WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <KeyDescriptor use="encryption"> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <X509Data> <X509Certificate>MIIC7DCCAdSgAwIBAgIQdtaCBGq5JZlHSOqPMWkKjjANBgkqhkiG9w0BAQsFADAyMTAwLgYDVQQDEydBREZTIEVuY3J5cHRpb24gLSBhZGZzLmRpcmVjdGVuZXJneS5jb20wHhcNMTUwMTIzMjIwNDI2WhcNMTYwMTIzMjIwNDI2WjAyMTAwLgYDVQQDEydBREZTIEVuY3J5cHRpb24gLSBhZGZzLmRpcmVjdGVuZXJneS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKq1rfU0BsBW8cEPxpla6sWZhEA7AvTPFiNUJ8B1Ii3O01A6dq7mGycTHdxG+m3ZIUcCmihExjxrGRT4pd9f78uJCCHxm+gBfq8gHgA2gml/jtxeRRc4h8cl3qgBdTdpyEN6dFLbGYRgNo1JIDSJzSrNbmNggoKpzuWLMBjJ2AHfnG6hAzJWtvM2phf88WbWoxYAQmm1Fq3Usy6WgYFg+Iz1Z4XEgAB35bG4nmqROU4U3djmR4DxZup4zbKi422t32tFy8MU/VEshiREKB22BcxNHTXi1YHXNtCQixMcOvK21w/Ha1o8AypZ8yBBj3cfwTJ9NLO4Xf9+Mf9FeA6BgZAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAKJHmw9MjdjXYf9q4Szo76xDfZC1jV+MXPizPEKzujjF5V90u6WWWbmR4ye9zT6nuMfFP7fNbm46A9yhuUiqeXpLQP80rC7d5XJeEhIhogLRH6xJXKOF5XVbN0RGi7ARTHsFzjyuZWs2N2ibPU55gLTlGTr/aW7jbs5UWEXG2ymM4SmiAUQbG8bRXNI6bQYe7Db2XEZ4H2D8TUMcHn0LtTF+dhpQTOep9Yf8/6Qdci/6FptSfi4nNPPKzvGfBu9uVaeCl/aGI3LA8QYIPbdIfUoJge5ym04j9sUVW7fkyWY8WkmQPZHntjeTYkBH4nLUH/OkLCa1KC6a3K67cp3j6AE=</X509Certificate> </X509Data> </KeyInfo> </KeyDescriptor> <KeyDescriptor use="signing"> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <X509Data> <X509Certificate>MIIC5jCCAc6gAwIBAgIQXn1r5kqQao9JlOksbxZDXjANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDEyRBREZTIFNpZ25pbmcgLSBhZGZzLmRpcmVjdGVuZXJneS5jb20wHhcNMTUwMTIzMjIwNDM0WhcNMTYwMTIzMjIwNDM0WjAvMS0wKwYDVQQDEyRBREZTIFNpZ25pbmcgLSBhZGZzLmRpcmVjdGVuYXJneS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDilI+XZfNZ/b2pQWeqDLVyXEIn+6BL3KcAv/R0tRtC2mlnQFpf3uHxF8sd3kdHcexB/ugihNvVdZJExlnkKCoL8kvNFGeDc0T9vOItd2A/Hm1WCRtqc+cZ/z9uPwqZxnRTjEfCn+X/mbCrG4VQbeMsGy/UKib5WUUuXpnjOaaZmfIoTMeJ0vMj9GBZUGBJu56bbiWOK/mYsXy8Xb2uNf7uXvFmWcAIriZMhHgML6KhDHeqhu3QAwrXEbp4co5+FSNaaelUHhrDxz/0yc9Lxmuf+OnKJu/CYcdAQPzaFvn33ceJE/yJDe2lYFocSx0930lM5Q/SWMMGT+OvQZVsDaLTAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAKe6zgWy6jIOFCCyTtA/9NFaJP54GnSOhRpbApK+PvPDUBjRUj5hpVMKg9O964HofAorO5VZOsiPMfKI5dAfLzAgts0n0ji41UMGbnpTKJ3N9pWTsTG1s+sTOA63mmIRms+So/y/JsA3YWa+Apx9EvB/GkOrT9vRIbCz31bMAY9ohwMyhfYv7i5qLjWYnbF19ioLHvO527nfr8XcsSNYJLkHt3VMWX2Q1OfjgWN/XFkBY/Moj0J/PUkXDii928RAfylLD3JZdeuhw5kQBOvWFh8BiVQpvaETZcGeUzit6O1072kDfq+UGOMSUB9DOQde2/4nExr6Qr6XW9vp3JetmPU=</X509Certificate> </X509Data> </KeyInfo> </KeyDescriptor> <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://bla.com/adfs/ls/" /> <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://bla.com/adfs/ls/" /> <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat> <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat> <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://bla.com/adfs/ls/" index="0" isDefault="true" /> <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://bla.com/adfs/ls/" index="1" /> <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://bla.com/adfs/ls/" index="2" /> </SPSSODescriptor> <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"> <KeyDescriptor use="encryption"> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <X509Data> <X509Certificate>MIIC7DCCAdSgAwIBAgIQdtaCBGq5JZlHSOqPMWkKjjANBgkqhkiG9w0BAQsFADAyMTAwLgYDVQQDEydBREZTIEVuY3J5cHRpb24gLSBhZGZzLmRpcmVjdGVuZXJneS5jb20wHhcNMTUwMTIzMjIwNDI2WhcNMTYwMTIzMjIwNDI2WjAyMTAwLgYDVQQDEydBREZTIEVuY3J5cHRpb24gLSBhZGZzLlRpcmVjdGVuZXJneS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKq1rfU0BsBW8cEPxpla6sWZhEA7AvTPFiNUJ8B1Ih3O01A6dq7mGycTHdxG+m3ZIUcCmihExjxrGRT4pd9f78uJCCHxm+gBfq8gHgA2gml/jtxeRRc4h8cl3qgBdTdpyEN6dFLbGYRgNo1JIDSJzSrNbmNggoKpzuWLMBjJ2AHfnG6hAzJWtvM2phf88WbWoxYAQmm1Fq3Usy6WgYFg+Iz1Z4XEgAB35bG4nmqROU4U3djmR4DxZup4zbKi422t32tFy8MU/VEshiREKB22BcxNHTXi1YHXNtCQixMcOvK21w/Ha1o8AypZ8yBBj3cfwTJ9NLO4Xf9+Mf9FeA6BgZAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAKJHmw9MjdjXYf9q4Szo76xDfZC1jV+MXPizPEKzujjF5V90u6WWWbmR4ye9zT6nuMfFP7fNbm46A9yhuUiqeXpLQP80rC7d5XJeEhIhogLRH6xJXKOF5XVbN0RGi7ARTHsEzjyuZWs2N2ibPU55gLTlGTr/aW7jbs5UWEXG2ymM4SmiAUQbG8bRXNI6bQYe7Db2XEZ4H2D8TUMcHn0LtTF+dhpQTOep9Yf8/6Qdci/6FptSfi4nNPPKzvGfBu9uVaeCl/aGI3LA8QYIPbdIfUoJge5ym04j9sUVW7fkyWY8WkmQPZHntjeTYkBH4nLUH/OkLCa1KC6a3K67cp3j6AE=</X509Certificate> </X509Data> </KeyInfo> </KeyDescriptor> <KeyDescriptor use="signing"> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <X509Data> <X509Certificate>MIIC5jCCAc6gAwIBAgIQXn1r5kqQao9JlOksbxZDXjANBgkqhkiG9w0BAQsFADAvMS0wKwYDVQQDEyRBREZTIFNpZ25pbmcgLSBhZGZzLmRpcmVjdGVuZXJneS5jb20wHhcNMTUwMTIzMjIwNDM0WhcNMTYwMTIzMjIwNDM0WjAvMS0wKwYDVQQDEyRBREZTIFNpZ25pbmcgLSBhZGZzLmRpcmVjdGVuZXJneS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDilI+XZfNZ/b2pQWeqDLVyXEIn+6BL3KcAv/R0tRtC2mlnQFpf3uHxF8sd3kdHcexB/ugihNvVeZJExlnkKCoL8kvNFGeDc0T9vOItd2A/Hm1WCRtqc+cZ/z9uPwqZxnRTjEfCn+X/mbCrG4VQbeMsGy/UKib5WUUuXpnjOaaZmfIoTMeJ0vMj9GBZUGBJu56bbiWOK/mYsXy8Xb2uNf7uXvFmWcAIriZMhHgML6KhDHeqhu3QAwrXEbp4co5+FSNaaelUHhrDxz/0yc9Lxmuf+OnKJu/CYcdAQPzaFvn33ceJE/yJDe2lYFocSx0930lM5Q/SWMMGT+OvQZVsDaLTAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAKe6zgWy6jIOFCCyTtA/9NFaJP54GnSOhRpbApK+PvPDUBjRUj5hpWMKg9O964HofAorO5VZOsiPMfKI5dAfLzAgts0n0ji41UMGbnpTKJ3N9pWTsTG1s+sTOA63mmIRms+So/y/JsA3YWa+Apx9EvB/GkOrT9vRIbCz31bMAY9ohwMyhfYv7i5qLjWYnbF19ioLHvO527nfr8XcsSNYJLkHt3VMWX2Q1OfjgWN/XFkBY/Moj0J/PUkXDii928RAfylLD3JZdeuhw5kQBOvWFh8BiVQpvaETZcGeUzit6O1072kDfq+UGOMSUB9DOQde2/4nExr6Qr6XW9vp3JetmPU=</X509Certificate> </X509Data> </KeyInfo> </KeyDescriptor> <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://bla.com/adfs/ls/" /> <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://bla.com/adfs/ls/" /> <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat> <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat> <NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://bla.com/adfs/ls/" /> <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://bla.com/adfs/ls/" /> <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailadd... NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="E-Mail Address" /> <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givennam... NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Given Name" /> <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name" /> <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="UPN" /> <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/CommonName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Common Name" /> <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/EmailAddress" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x E-Mail Address" /> <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/Group" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group" /> <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/claims/UPN" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="AD FS 1.x UPN" /> <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/role&q... NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Role" /> <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname&... NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Surname" /> <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatep... NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="PPID" /> <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameiden... NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Name ID" /> <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authen... NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication time stamp" /> <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/authen... NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Authentication method" /> <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonly... NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only group SID" /> <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyon... NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary SID" /> <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/denyon... NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Deny only primary group SID" /> <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups... NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Group SID" /> <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primar... NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary group SID" /> <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/primar... NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Primary SID" /> <Attribute xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/window... NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Windows account name" /> </IDPSSODescriptor> </EntityDescriptor> Met vriendelijke groet / Yours sincerely / Mit freundlichen Grüßen / Très cordialement, Henk Laracker From: Raghu Prabhala <prabhalar@yahoo.com<mailto:prabhalar@yahoo.com>> Reply-To: Raghu Prabhala <prabhalar@yahoo.com<mailto:prabhalar@yahoo.com>> Date: Monday 8 June 2015 23:31 To: Henk Laracker <henk.laracker@planonsoftware.com<mailto:henk.laracker@planonsoftware.com>>, "keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>" <keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>> Subject: Re: [keycloak-user] Import External IDP Config Even I had similar issue earlier. Cleaning the browser cache and importing the config files addressed it You can give it a try. ________________________________ From: Henk Laracker <Henk.Laracker@planonsoftware.com<mailto:Henk.Laracker@planonsoftware.com>> To: "keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>" <keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>> Sent: Monday, June 8, 2015 9:51 AM Subject: [keycloak-user] Import External IDP Config Hi, Met vriendelijke groet / Yours sincerely / Mit freundlichen Grüßen / Très cordialement, Henk Laracker _______________________________________________ keycloak-user mailing list keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org> https://lists.jboss.org/mailman/listinfo/keycloak-user