Re: [keycloak-user] Implementation of Keycloak (SAML) with Google Apps

Blank page with a 403? The URL is missing '/auth/'. Unless you've changed the context-path Keycloak is deployed to the url should be https://xyz/auth/realms/myrealmname/protocol/saml/googleapps On 25 November 2015 at 23:33, Thomas Schweizer-Bolzonello <thomas(a)schweizer.fr&gt; wrote: > > Hello Marek, > > Thanks for pointing me on this ressource. Very useful. > I'm now on these settings : > > Client ID : googleapps > Name : My Test Saml > Enabled : On > Include AuthnStatement : On > Sign Assertions : On (RSA_SHA256, EXCLUSIVE) > Client Signature Required : On > Name ID Format : email > IDP Initiated SSO URL Name : googleapps > == > Assertion Consumer Service Redirect Binding URL : > https://www.google.com/a/mydomain.com/acs > > When I'm accessing (manually or set via Google Admin console in SSO > settings) the following URL : > https://xyz/realms/myrealmname/protocol/saml/googleapps .. i'm facing > a totally blank page > > Error in Wildfly log : > 23:25:04,136 WARN [org.jboss.resteasy.core.ExceptionHandler] (default > task-107) failed to execute: javax.ws.rs.NotFoundException: Could not > find resource for full path: > https://xyz/realms/myrealmname/protocol/saml/googleapps > > Any idea ? > > Thanks > > Best regards, > Thomas > > 2015-11-25 11:51 GMT+01:00 Marek Posolda <mposolda(a)redhat.com&gt;: > > Longer time ago, I did the integration of picketlink with Google Apps, > > which > > is documented here: > > > > https://docs.jboss.org/author/display/PLINK/Picketlink+as+IDP,+Google+App... > > . Some steps might be outdated, but hopefully most of them is still > > applicable and can be (maybe with some tweaks) applied for Keycloak as > > well. > > Especially the part for configuring on Google side. I did not tried in > > practice with Keycloak yet, but I think that you may want to: > > - Use clientId like "google.com/a/yourdomain.com" for your client where > > yourdomain.com is your Google-Apps domain > > - Select "Sign assertions" so google-apps will verify the signature on > > assertion with the realm key you uploaded > > > > Other options might be kept default probably (not sure at 100% as I > > didn't > > try it myself yet) > > > > Marek > > > > > > On 25/11/15 10:42, Thomas Schweizer-Bolzonello wrote: > > > > Hello, > > Does someone have documentation on how to implement Keycloak with Google > > Apps ? > > I tried to implement a SAML client in a Keycloak realm but I'm lost > > with settings when creating one. > > > > Tried to use the official documentation and to search on the web but > > to no avail. > > > > If someone could point me to what settings to use in the SAML client I > > created, it would be great. > > I already took the key generated for the realm and uploaded it to Google > > Apps. > > > > Best regards, > > Thomas > > _______________________________________________ > > keycloak-user mailing list > > keycloak-user(a)lists.jboss.org > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > > > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user