I have a Keycloak 1.9.8 install that I am trying to reconfigure.
I have a client that tries to authenticate requests to
https://lvpalgomi1d.ln.jefco.com:8443/synchronicity/*
I have a SAML 2.0 identity provider configured against PingFederate. The redirect URI is
http://lvpalgomi1d.ln.jefco.com:8180/auth/realms/Algomi/broker/pingfederate_saml/endpoint
When I enter
https://lvpalgomi1d.ln.jefco.com:8443/synchronicity/login.jsp into a web browser I end up at
http://lvpalgomi1d.ln.jefco.com:8180/auth/realms/Algomi/broker/pingfederate_saml/endpoint which is not what I intend – I would like to be validated and then redirected back to the original location.
Is there another step to redirect the browser back to the original URL?
I am picking up this task from a colleague who moved on. I have tried reading the server-administration-guide but it does not seem to be helping with this problem.
How do I diagnose the issue? What settings do I need to check?
There are also a couple of LDAP providers set up under User Federation. I don’t know whether they are needed – I think they were previously used to authenticate against LDAP, but the users are looking for silent/pass-through authentication.
Actually, while I’m here, will SAML 2.0 even support Integrated Windows Authentication that I am supposed to be implementing, or must I use Kerberos to achieve that?
Many thanks,
Sarah