Yeah, that worked for me. Localhost is also used in the example
instructions.
AFAIR Salesforce interacts with IDP just through browser redirects, not
backchannel requests. So localhost is not a problem.
Marek
On 4.5.2015 13:59, Bill Burke wrote:
Hey, do you know if Salesforce as an SP works if the IDP is localhost?
Or did you have to test that outside a firewall?
On 5/4/2015 3:03 AM, Marek Posolda wrote:
> As far as I remember, it could be the certificate in CRT format exported
> from keystore file via "keytool -export". At least that's what worked
> for me a couple of years back when I did integration of Salesforce with
> Picketlink:
>
> https://docs.jboss.org/author/display/PLINK/Picketlink+as+IDP,+Salesforce...
>
>
>
> Marek
>
> On 30.4.2015 17:39, Bill Burke wrote:
>> I set up a salesforce example and looked at the login response SAML
>> document. Looks like no assertion data is being sent back at all by
>> salesforce.
>>
>> On 4/30/2015 9:43 AM, Bill Burke wrote:
>>> I have no idea. Basically this error is stating that the login response
>>> SAML document has no assertions within it. If there are no assertions,
>>> then there has been no identity data sent.
>>>
>>> I'm looking now, but can you send me a link on how to set up Salesforce
>>> as an IDP? Is one able to set up a free account and such?
>>>
>>> On 4/30/2015 9:25 AM, Henk Laracker wrote:
>>>> Hi Bill,
>>>>
>>>> I don't know why I missed that, thanks! Salesforce responds now with the
>>>> correct login page. After logging in to Salesforce, I'm redirected to
>>>> Keycloak again with an internal error:
>>>>
>>>> Caused by: org.keycloak.broker.provider.IdentityBrokerException: Could not process response from SAML identity provider.
>>>>   at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpoint.java:299)
>>>>   at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleSamlResponse(SAMLEndpoint.java:343)
>>>>   at org.keycloak.broker.saml.SAMLEndpoint$Binding.execute(SAMLEndpoint.java:169)
>>>>   at org.keycloak.broker.saml.SAMLEndpoint.postBinding(SAMLEndpoint.java:117)
>>>>   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_45]
>>>>   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_45]
>>>>   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_45]
>>>>   at java.lang.reflect.Method.invoke(Method.java:497) [rt.jar:1.8.0_45]
>>>>   at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>>   at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>>   at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:250) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>>   at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:140) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>>   at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:109) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>>   at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:135) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>>   at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:103) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>>   at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>>   ... 39 more
>>>> Caused by: org.keycloak.broker.provider.IdentityBrokerException: No assertion from response.
>>>>   at org.keycloak.broker.saml.SAMLEndpoint$Binding.getAssertion(SAMLEndpoint.java:309)
>>>>   at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpoint.java:264)
>>>>   ... 54 more
>>>>
>>>> Any idea?
>>>>
>>>> Henk
>>>>
>>>>
>>>>
>>>>
>>>> On 30/04/15 14:31, "Bill Burke" <bburke(a)redhat.com> wrote:
>>>>
>>>>> You want to chain keycloak server to Salesforce?
>>>>>
>>>>> If you create a SAMLv2 IdentityProvider in keycloak that points to
>>>>> Salesforce, you'll see after you create it, an Export button. Click
>>>>> that. That will create an entity descriptor with all the information
>>>>> you need.
>>>>>
>>>>> On 4/30/2015 2:45 AM, Henk Laracker wrote:
>>>>>> Hi,
>>>>>>
>>>>>> I like to use Salesforce as Identity Provider, the metadata provided by
>>>>>> Salesforce can be imported.
>>>>>> But I need to specify the Service Provider in Salesforce, I have to fill
>>>>>> in a couple of fields, but two of them I don't understand (and are
>>>>>> mandatory). Does someone have any clue?
>>>>>>
>>>>>> 1. Entity ID, remark of Salesforce: get this value from your
>>>>>> service provider
>>>>>> 2. ACS URL, remark of Salesforce: The assertion consumer service. Get
>>>>>> this value from your service provider.
>>>>>>
>>>>>> I have tried a lot of values but every time I click the SAML button on
>>>>>> my app, it redirects to Salesforce but I get a page with the error:
>>>>>> Error: Unable to resolve request into a Service Provider
>>>>>>
>>>>>> Henk
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> keycloak-user mailing list
>>>>>> keycloak-user(a)lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>
>>>>> --
>>>>> Bill Burke
>>>>> JBoss, a division of Red Hat
>>>>> http://bill.burkecentral.com
>
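
Added example, not part of the thread or of Keycloak's code: a troubleshooting helper for the "No assertion from response" error discussed above. It decodes a captured POST-binding `SAMLResponse` value and reports the status codes and how many `Assertion` / `EncryptedAssertion` elements the response carries. The sample documents, issuer and `Destination` URL are constructed, and the function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def inspect_saml_response(b64_response: str) -> dict:
    """Summarise a captured SAMLResponse form value for troubleshooting.
    Diagnostic only: no signature, audience or time-window checks are done."""
    xml = base64.b64decode(b64_response)
    # SAML messages never need a DTD; refuse rather than feed one to the parser.
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD/entity declaration in SAML message")
    root = ET.fromstring(xml)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response: " + root.tag)
    # StatusCode may be nested; document order puts the top-level code first.
    codes = [c.get("Value", "").rsplit(":", 1)[-1]
             for c in root.iterfind("samlp:Status//samlp:StatusCode", NS)]
    return {
        "destination": root.get("Destination"),
        "issuer": root.findtext("saml:Issuer", default=None, namespaces=NS),
        "status": codes,
        "status_message": root.findtext(
            "samlp:Status/samlp:StatusMessage", default=None, namespaces=NS),
        "assertions": len(root.findall("saml:Assertion", NS)),
        "encrypted_assertions": len(root.findall("saml:EncryptedAssertion", NS)),
    }

def make_sample(body: str) -> str:
    """Build a constructed, unsigned sample response (test data only)."""
    xml = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" '
           'Destination="http://localhost:8080/example/acs">'
           '<saml:Issuer>https://idp.example.test</saml:Issuer>%s'
           '</samlp:Response>') % (NS["samlp"], NS["saml"], body)
    return base64.b64encode(xml.encode()).decode()

STATUS = "urn:oasis:names:tc:SAML:2.0:status:"
# Constructed: a response with a failure status and no assertion.
NO_ASSERTION = make_sample(
    '<samlp:Status><samlp:StatusCode Value="%sResponder">'
    '<samlp:StatusCode Value="%sAuthnFailed"/></samlp:StatusCode>'
    '<samlp:StatusMessage>constructed message</samlp:StatusMessage>'
    '</samlp:Status>' % (STATUS, STATUS))
# Constructed: a success response carrying one (empty, unsigned) assertion.
WITH_ASSERTION = make_sample(
    '<samlp:Status><samlp:StatusCode Value="%sSuccess"/></samlp:Status>'
    '<saml:Assertion ID="_a1" Version="2.0"/>' % STATUS)
```

Running `inspect_saml_response` on the value captured from the browser's POST to the ACS URL shows whether the response carries a status other than `Success`, or an `EncryptedAssertion` where a plain `Assertion` was expected.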