Do I understand correctly that your application wants to talk with
Keycloak through the SAML protocol? If yes, then SAML Identity provider is
not something for your use case. SAML Identity provider is useful for the
opposite case (for example: your application wants to talk OIDC with
Keycloak, and Keycloak itself will then use SAML Identity provider to
redirect to some other 3rd party SAML IDP. So de facto Keycloak acts as
"bridge" between OIDC App and external SAML IDP in that case).
For your case, you may need regular SAML adapters. Take a look at
keycloak-examples under directory "saml" and at the docs
http://keycloak.github.io/docs/userguide/saml-client-adapter/html/index.html
If your "consumer" application wants to use SAML and you want Keycloak
to use SAML and act as "bridge" then you may need both SAML adapter and
SAML Identity provider.
Marek
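As an added illustration of the distinction Marek draws (example code, not from the thread or the Keycloak project): an SP-initiated login sends its AuthnRequest to the realm's SAML protocol endpoint, while the `/broker/saml/endpoint` URL exists to receive the SAML Response from an external IdP that Keycloak has brokered to. Host and realm come from the thread; the SP entityID and ACS URL are assumed placeholders.

```python
import base64
import uuid
import zlib
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlparse

KEYCLOAK_BASE = "http://192.168.99.100:10080/auth"  # host from the thread
REALM = "demo"
# An SP sends its AuthnRequest to the realm's SAML protocol endpoint ...
SSO_ENDPOINT = f"{KEYCLOAK_BASE}/realms/{REALM}/protocol/saml"
# ... not to the broker endpoint, which Keycloak exposes to receive the
# SAML Response from an external IdP it has delegated authentication to.
BROKER_ENDPOINT = f"{KEYCLOAK_BASE}/realms/{REALM}/broker/saml/endpoint"
SP_ENTITY_ID = "http://app.example.test/saml"  # assumed SP entityID
ACS_URL = "http://app.example.test/saml/acs"   # assumed ACS URL


def build_authn_request(request_id=None, issue_instant=None):
    """Minimal unsigned AuthnRequest; Keycloak will reject it if the
    client has 'Client Signature Required' enabled, so sign it in production."""
    request_id = request_id or "_" + uuid.uuid4().hex
    issue_instant = issue_instant or datetime.now(timezone.utc).strftime(
        "%Y-%m-%dT%H:%M:%SZ")
    return (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{SSO_ENDPOINT}" '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
        f'AssertionConsumerServiceURL="{ACS_URL}">'
        f"<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer>"
        "</samlp:AuthnRequest>"
    )


def redirect_binding_url(authn_request_xml, relay_state="/"):
    """HTTP-Redirect binding: raw DEFLATE, base64, then URL-encode."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15: raw deflate, no zlib header
    deflated = comp.compress(authn_request_xml.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode(),
                       "RelayState": relay_state})
    return f"{SSO_ENDPOINT}?{query}"


def decode_saml_request(url):
    """What the IdP side does with the query string; used to check the round trip."""
    qs = parse_qs(urlparse(url).query)
    raw = base64.b64decode(qs["SAMLRequest"][0])
    return zlib.decompress(raw, -15).decode()


if __name__ == "__main__":
    print(redirect_binding_url(build_authn_request()))
```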
On 01/06/16 17:08, Marque Davis wrote:
Hi,
I’m working on moving SAML auth in one app into Keycloak. Since we
have many clients hitting our existing API, we don’t want to change
the external API. Instead we need to proxy through to Keycloak. I have
a SAML test harness that generates the SAML doc and redirects to KC,
but I constantly get a staleCodeError in the logs and the following
error on the page it redirects to.
WE'RE SORRY ...
This page is no longer valid, please go back to your application and
login again
I’ve set up an Identity Provider named “saml” and pointed my test app
to the Redirect URI
(http://192.168.99.100:10080/auth/realms/demo/broker/saml/endpoint).
Config screenshot attached (if it isn’t stripped from email)
Am I doing something wrong, or is this just not a use case Keycloak is
designed for?
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user