Hi Bill,
Thank you, this worked out! A user is created with my name
saml.henk.laracker(a)p***n.nl , do you have any idea why the “saml” prefix
is added?
Henk
On 30/04/15 18:44, "Bill Burke" <bburke(a)redhat.com> wrote:
Ok, I was able to get this to work. The problem was I had to set a
"profile" for the connected app on Salesforce. I added a "System
Administrator" profile to the Connected App and it worked.
I'm not sure how to upload an app certificate yet. Not sure what format
Salesforce is looking for.
On 4/30/2015 11:39 AM, Bill Burke wrote:
> I set up a salesforce example and looked at the login response SAML
> document. Looks like no assertion data is being sent back at all by
> salesforce.
>
> On 4/30/2015 9:43 AM, Bill Burke wrote:
>> I have no idea. Basically this error is stating that the login response
>> saml document has no assertions within it. If there are no assertions,
>> then there has been no identity data sent.
>>
>> I'm looking now, but can you send me a link on how to set up Salesforce
>> as an IDP? Is one able to set up a free account and such?
>>
>> On 4/30/2015 9:25 AM, Henk Laracker wrote:
>>> Hi Bill,
>>>
>>> I don't know why I missed that, thanks! Salesforce responds now with the
>>> correct login page. After logging in to Salesforce, I'm redirected to
>>> keycloak again with an internal error:
>>>
>>> Caused by: org.keycloak.broker.provider.IdentityBrokerException: Could not process response from SAML identity provider.
>>>     at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpoint.java:299)
>>>     at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleSamlResponse(SAMLEndpoint.java:343)
>>>     at org.keycloak.broker.saml.SAMLEndpoint$Binding.execute(SAMLEndpoint.java:169)
>>>     at org.keycloak.broker.saml.SAMLEndpoint.postBinding(SAMLEndpoint.java:117)
>>>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_45]
>>>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_45]
>>>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_45]
>>>     at java.lang.reflect.Method.invoke(Method.java:497) [rt.jar:1.8.0_45]
>>>     at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>     at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>     at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:250) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>     at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:140) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>     at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:109) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>     at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:135) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>     at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:103) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>     at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>     ... 39 more
>>> Caused by: org.keycloak.broker.provider.IdentityBrokerException: No assertion from response.
>>>     at org.keycloak.broker.saml.SAMLEndpoint$Binding.getAssertion(SAMLEndpoint.java:309)
>>>     at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpoint.java:264)
>>>     ... 54 more
>>>
>>> Any idea?
>>>
>>> Henk
>>>
>>>
>>>
>>>
>>> On 30/04/15 14:31, "Bill Burke" <bburke(a)redhat.com> wrote:
>>>
>>>> You want to chain keycloak server to Salesforce?
>>>>
>>>> If you create a SAMLv2 IdentityProvider in keycloak that points to
>>>> Salesforce, you'll see after you create it, an Export button. Click
>>>> that. That will create an entity descriptor with all the information
>>>> you need.
>>>>
>>>> On 4/30/2015 2:45 AM, Henk Laracker wrote:
>>>>> Hi,
>>>>>
>>>>> I like to use Salesforce as Identity Provider, the metadata provided by
>>>>> salesforce can be imported.
>>>>> But I need to specify the Service Provider in salesforce, I have to fill
>>>>> in a couple of fields, but two of them I don't understand (and are
>>>>> mandatory). Does someone have any clue?
>>>>>
>>>>> 1. entity id, remark of salesforce: get this value from your
>>>>> service provider
>>>>> 2. ACS URL, remark of salesforce: The assertion consumer service. Get
>>>>> this value from your service provider.
>>>>>
>>>>> I have tried a lot of values but every time I click the saml button on
>>>>> my app, it redirects to salesforce but I get a page with the error:
>>>>> Error: Unable to resolve request into a Service Provider
>>>>>
>>>>> Henk
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user(a)lists.jboss.org
>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>
>>>>
>>>> --
>>>> Bill Burke
>>>> JBoss, a division of Red Hat
>>>> http://bill.burkecentral.com
>>>
>>
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
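
Added example, not part of the original thread and not Keycloak code: a small Python diagnostic for the condition discussed above, where the SAML login response carries no assertion. It decodes a captured SAMLResponse form value and reports the status codes and assertion count; the function name and both sample responses are constructed for illustration, and the thread does not show the actual Salesforce response.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
STATUS = "urn:oasis:names:tc:SAML:2.0:status:"

def diagnose_saml_response(b64_response):
    """Summarise a captured HTTP-POST binding SAMLResponse form value.

    Diagnostic only: no signature, audience or time checks are done here,
    so the result must never be used to make a login decision.
    """
    xml_bytes = base64.b64decode("".join(b64_response.split()), validate=True)
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not allowed in SAML")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response: %s" % root.tag)
    # StatusCode can be nested: top-level code first, then an optional sub-code.
    codes = [c.get("Value") for c in root.iterfind("samlp:Status//samlp:StatusCode", NS)]
    message = root.findtext("samlp:Status/samlp:StatusMessage", default="", namespaces=NS)
    plain = len(root.findall("saml:Assertion", NS))
    encrypted = len(root.findall("saml:EncryptedAssertion", NS))
    return {
        "status_codes": codes,
        "status_message": message.strip(),
        "assertions": plain,
        "encrypted_assertions": encrypted,
        # The condition behind the broker's "No assertion from response".
        "no_assertion": plain + encrypted == 0,
    }

# Constructed samples (not real Salesforce output): a refused login and a successful one.
_HDR = ('<samlp:Response xmlns:samlp="%(samlp)s" xmlns:saml="%(saml)s" '
        'ID="_r1" Version="2.0" IssueInstant="2000-01-01T00:00:00Z">' % NS)
FAILED = _HDR + ('<samlp:Status><samlp:StatusCode Value="' + STATUS + 'Responder">'
                 '<samlp:StatusCode Value="' + STATUS + 'RequestDenied"/>'
                 '</samlp:StatusCode></samlp:Status></samlp:Response>')
OK = _HDR + ('<samlp:Status><samlp:StatusCode Value="' + STATUS + 'Success"/></samlp:Status>'
             '<saml:Assertion ID="_a1" Version="2.0" IssueInstant="2000-01-01T00:00:00Z">'
             '<saml:Issuer>https://idp.example.test</saml:Issuer></saml:Assertion>'
             '</samlp:Response>')

if __name__ == "__main__":
    for name, doc in (("failed", FAILED), ("ok", OK)):
        print(name, diagnose_saml_response(base64.b64encode(doc.encode()).decode()))
```
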