Seems like it will only work if I'm using SAML.
On Wed, Feb 22, 2017 at 5:18 PM John D. Ament <john.d.ament(a)gmail.com>
Changing the subject to be a bit clearer about the problems.
I think I'm understanding a bit further. When reading through
- It seems like my application has to be SAML. I cannot do an OIDC based
- First thing I have to do is add IDP Initiated SSO URL Name to my
- The confusing part is about if my application requires... this seems a
bit odd, since I'm using the Keycloak adapter but sure.
- The part that's missing is what gets set up in the actual broker. You
mention IDP Initiated SSO URL Name but I don't see that field in IDPs. In
general these look like Keycloak specific parameters.
On Mon, Feb 20, 2017 at 7:18 AM John D. Ament <john.d.ament(a)gmail.com>
Ok, so I was able to get SP initiated working fine. I had only tried IDP
when I sent this mail out.
I'm going through this doc, and it's not clear to me on a few areas:
- I have my application (the SP) and the SAML IDP (Okta in this case). I
have a link on the Okta portal to log in automatically to my SP.
- I think the webpage is saying that this only works if I'm using the SAML
connector for Keycloak, is that accurate?
- All of my Okta settings are from getting SP initiated working. Do any
of those need to change?
- Do I in fact set up Okta as a SAML client in Keycloak?
On Sun, Feb 19, 2017 at 8:47 PM John D. Ament <john.d.ament(a)gmail.com>
Just wondering, has anyone set up Keycloak w/ Okta? Every time I try to
authenticate (both SP initiated and IdP initiated) it fails with this error
01:40:54,626 WARN [org.keycloak.events] (default task-7)
type=IDENTITY_PROVIDER_LOGIN_ERROR, realmId=tenant1, clientId=null,
userId=null, ipAddress=172.17.0.1, error=staleCodeMessage
01:40:54,627 ERROR [org.keycloak.services.resources.IdentityBrokerService]
(default task-7) staleCodeMessage
I suspect it's a setup issue on my side, so was hoping someone else has
tried this and can give tips. I even tried the import feature, no luck.