3:22 a.m.
Hi Matteo,
You're talking about 2 different flows here:
* the "login with okta" button on keycloak. Then the flow is started from
keycloak and it's called SP initiated login.
* clicking the keycloak button in okta. Then the flow is started from okta and it's
called IDP initiated login
To my understanding this will depend on what type of client you're using.
If your client is a SAML client, you should look at IDP initiated login section in the
docs (never tried it myself):
https://www.keycloak.org/docs/latest/server_admin/index.html#idp-initiate...
On the other hand, if your client is an Openid connect/OAuth client, to my understanding
oauth does not support this and hence it's not possible out-of-the-box.
I'm in the same situation myself, and at the moment we've "solved" this
by not showing the keycloak button in okta (you can configure that).
However it would be much more convenient to get it working, so if anybody has a workaround
on this, I'd be happy to know. I was thinking myself if there isn't a possibility
to put a "fake" SAML client in between to handle the IDP initiated login and
then redirect to the oauth app would be an option. But haven't found time to try it
out.
Best regards,
Tom
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org>
On Behalf Of Matteo Restelli
Sent: Wednesday, 7 August 2019 09:46
To: keycloak-user <keycloak-user(a)lists.jboss.org>
Subject: [keycloak-user] Accessing Keycloak from Okta Dashboard
Hi all,
we're trying to configure Keycloak with Okta. We've no problems in configuring the
button "Login with okta" on the Keycloak login page. The problem now is how to
configure Keycloak to have the possibility to access Keycloak from the Okta dashboard.
Once we've configured the app in Okta, we've received the following error message
inside the Keycloak logs:
07:44:13,487 INFO
[org.jboss.aerogear.keycloak.metrics.MetricsEventListener] (default
task-4) Received user event of type IDENTITY_PROVIDER_LOGIN_ERROR in realm master
07:44:13,487 WARN [org.keycloak.events] (default task-4)
type=IDENTITY_PROVIDER_LOGIN_ERROR, realmId=master, clientId=null, userId=null,
ipAddress=10.1.3.6, error=invalidRequestMessage
07:44:13,487 ERROR [org.keycloak.services.resources.IdentityBrokerService]
(default task-4) invalidRequestMessage
We've followed this guide:
https://ultimatesecurity.pro/post/okta-saml/
Any thoughts on that?
Thank you very much,
Matteo
--
Like <https://www.facebook.com/cuebiq/> I Follow <https://twitter.com/Cuebiq>I
Connect <https://www.linkedin.com/company/cuebiq>
This email is reserved
exclusively for sending and receiving messages inherent working activities, and is not
intended nor authorized for personal use. Therefore, any outgoing messages or incoming
response messages will be treated as company messages and will be subject to the corporate
IT policy and may possibly to be read by persons other than by the subscriber of the box.
Confidential information may be contained in this message. If you are not the address
indicated in this message, please do not copy or deliver this message to anyone. In such
case, you should notify the sender immediately and delete the original message.
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
This message has been scanned for malware by Websense. www.websense.com