Re: [keycloak-user] ADFS integration issue

Ok, so i double checked this behaviour and i'm indeed providing correct link to the ADFS (directly from browser with xml opened). What's interesting, is that while this error appears in Keycloak, ADFS seems to be importing everything just fine, so it doesn't look like it's affecting anything. It looks like ADFS is first checking whether the user provided a link to another ADFS (but maybe omitted the /federationmetadata/* part) and when it fails to find anything there it uses the link as provided. I can back this claim with a little observation - when given a fake url, it generates two errors within Keycloak instead of just one for the correct url: 1) Exception handling request to /auth/realms/saml-broker-authentication-realm/broker/adfs-localll/endpoint/descriptor/FederationMetadata/2007-06/FederationMetadata.xml: org.jboss.resteasy.spi.UnhandledException: org.keycloak.broker.provider.IdentityBrokerException: Identity Provider [adfs-localll] not found. 2) Exception handling request to /auth/realms/saml-broker-authentication-realm/broker/adfs-localll/endpoint/descriptor: org.jboss.resteasy.spi.UnhandledException: org.keycloak.broker.provider.IdentityBrokerException: Identity Provider [adfs-localll] not found. As you can see, first it fails to import xml from "ADFS-style" path, then it fails to get xml from the link i actually gave it. Not sure why Microsoft added this bit of behaviour, but it seems mostly harmless so far. 2017-03-28 22:01 GMT+03:00 Hynek Mlnarik <hmlnarik(a)redhat.com&gt;: