Re: [keycloak-user] Keycloak SAML IdP and URL parameter
Hello Sud,
Please check out this thread:
http://lists.jboss.org/pipermail/keycloak-user/2018-November/016228.html
The problem under discussion is almost identical to yours, with the only exception being
OIDC instead of SAML. But I believe the general principle (fishing request parameters out
of the Referer header) remains the same.
Another question: is it possible to use SAML RelayState to pass the same parameter? Custom
authenticators have direct access to that field via client session note with the same name
("RelayState"), which could let you avoid the hacks like above.
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info(a)acutus.pro
On Fri, 2018-11-16 at 09:47 -0500, Sud Ramasamy wrote:
Hi,
We are using Keycloak as a SAML IdP and have plugged in a custom authenticator to handle
the browser flow. The authenticator relies on a custom URL parameter that is present in
the initial SAML Authn request to Keycloak.
We found that when the Keycloak SAML IdP receives a SAML Authn request (which also
contains our custom URL parameter) it exchanges that request with a code and redirects the
browser to itself at which point the control reaches our custom authenticator. This
redirect causes our custom URL parameter from the initial request to not be available to
our custom authenticator. Is there anyway to propagate our custom URL parameter to this
second request and thereby have it available to our custom authenticator.
Thanks in advance for your help.
Regards
-sud
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user