Thanks!
I tried using that, but I received an error. Now I found out why. My SP
metadata file had the following line:
<?xml version="1.0" encoding="UTF-8"?>
That was breaking the parser.
On Tue, Aug 14, 2018 at 10:53 AM, John Dennis <jdennis(a)redhat.com> wrote:
On 08/14/2018 09:26 AM, Rafael Weingärtner wrote:
> Hello Keycloakers,
>
> I am trying to integrate Keycloak with an SP using SAML. I downloaded
> Keycloak metadata using
> https://<server>/auth/realms/<realmName>/protocol/saml/descriptor.
> I configured this metadata in my metadata provider (for the whole
> federation). The SPs now can see the IdP (Keycloak). How do I configure
> Keycloak to use my federation metadata? I mean, instead of configuring
> each client manually, Keycloak could read this descriptor file, and get
> the Keys (public keys of service providers) and URLs from there. At least
> that is how we are used to doing it when using Shibboleth.
>
Using the Web Admin GUI, go to the relevant realm page. In the left panel
is a "Clients" tab; click on that. On the "Clients" page click on "Create"
in the upper right. On the "Add Client" page is an "import" box; enter your
SP metadata there. Make sure the client protocol is set to saml.
--
John Dennis
--
Rafael Weingärtner
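
An added example, not part of the thread and not Keycloak code: one way to prepare an SP metadata file for the import box by removing the leading XML declaration reported above as the cause of the parser error, then checking that what remains is a single SAML SP `EntityDescriptor`. The function name and the sample metadata are constructed, and the helper assumes one SP per file.

```python
import re
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
# Optional BOM and whitespace, then the XML declaration (<?xml ... ?>).
_XML_DECL = re.compile(r"^\ufeff?\s*<\?xml\s[^>]*\?>\s*", re.IGNORECASE)

# Constructed sample SP metadata; the certificate value is a placeholder.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.org/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>CONSTRUCTED-PLACEHOLDER</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.org/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def prepare_sp_metadata(text):
    """Return (cleaned_text, summary) for one SP metadata document.

    Only the leading declaration is removed; the rest of the text is
    returned unchanged rather than re-serialized.
    """
    cleaned = _XML_DECL.sub("", text, count=1)
    if "<!DOCTYPE" in cleaned or "<!ENTITY" in cleaned:
        raise ValueError("DTD/entity declarations are not expected in SAML metadata")
    root = ET.fromstring(cleaned)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError(f"root is {root.tag}, expected a single EntityDescriptor")
    sp = root.find(f"{{{MD}}}SPSSODescriptor")
    if sp is None:
        raise ValueError("no SPSSODescriptor: this is not SP metadata")
    acs = [e.get("Location") for e in sp.findall(f"{{{MD}}}AssertionConsumerService")]
    # A KeyDescriptor without a "use" attribute applies to signing as well.
    signing = [kd for kd in sp.findall(f"{{{MD}}}KeyDescriptor")
               if kd.get("use") in (None, "signing")
               and kd.find(f".//{{{DS}}}X509Certificate") is not None]
    return cleaned, {"entity_id": root.get("entityID"), "acs_urls": acs,
                     "has_signing_cert": bool(signing)}

if __name__ == "__main__":
    body, info = prepare_sp_metadata(SAMPLE)
    print(info)
```

Reviewing the printed entity ID, assertion consumer URLs and signing-certificate flag before importing confirms that the client about to be created points at the SP you intended.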