Hi,
I want to give my users the possibility to edit their account settings from a federated
IdP. Is there a way to do an IdP initiated SSO from a federated IdP which links directly
to the account page at {KEYCLOAK_SERVER_URL}/auth/realms/${REALM}/account?
As far as I can see, I have to do the following steps:
1. In the ‘master’ Keycloak: add a new SAML client with URL
{KEYCLOAK_SERVER_URL}/auth/realms/${REALM}/account. (Since there’s no such thing as
‘OpenID Connect IdP initiated SSO’ as far as I can see)
2. In the federated IdP: send a SAMLResponse to
http://{KEYCLOAK_SERVER_URL}/auth/realms/${REALM}/broker/${fedIdP}/endpoint/clients/${CLIENT_ID}
The login goes through successfully, but after login I see a 403 “Failed executing POST
/realms/master/account” error, since the account page doesn’t accept POST requests. If I
refresh the browser window which is pointing at the account page all is well, since this
last request is a GET request. (See
http://lists.jboss.org/pipermail/keycloak-user/2014-October/000989.html for the same
question about POST/GET)
I could make a third client whose only function is to show a link to the account page, but
I don’t know if this is the right way to go.