What does your authnrequest look like? ADFS is really fickle about format. Common issues with the authnrequest are:
1. Nameidformat
2. Authncontextclassref
3. Sha1 signature
#1 is the biggest issue I see. You need to write a claims rule in adfs to make sure it maps properly or just remove the nameidformat from the authnrequest.
Marc Boorshtein
CTO, Tremolo Security, Inc.
Hi,
I’m trying to use Keycloak 2.0.0.Final with AD FS 2.0 as an identity provider. I think I’ve set up everything, but I am getting an internal error from keycloak.
The server log contains
2016-07-28 11:08:32,510 ERROR [io.undertow.request] (default task-37) UT005023: Exception handling request to /auth/realms/adfs-realm/broker/adfs/endpoint: org.jboss.resteasy.spi.UnhandledException: org.keycloak.broker.provider.IdentityBrokerException: Could not process response from SAML identity provider.
The root cause is “No assertion from response”
So far the only information about this I have found so far is a keycloak issue ticket
https://issues.jboss.org/browse/KEYCLOAK-3103
Has anyone got any luck using AD FS in combination with keycloak?
Is there any configuration I could change in AD FS or Keycloak or workaround this problem?
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user