A few years ago, I set up Picketlink as IDP and Salesforce as SP. Some docs are here: https://docs.jboss.org/author/display/PLINK/Picketlink+as+IDP,+Salesforce+as+SP .

I haven't tried it with Keycloak yet and I guess the docs may be outdated. But hopefully you can use them as a starting point, at least for the setup on the Salesforce side.

AFAIR Salesforce signs all the messages, including SAML requests. So for the setup on the Keycloak side, you may need to enable the flag "Client Signature Required" for the SAML client in the admin console and then go to the "SAML Keys" tab and import the certificate from Salesforce. But I'm not 100% sure...

Good luck,
Marek

On 08/12/15 15:42, Ben Bazian wrote:

Sorry for the double post but figured I would try one more time. Has anyone successfully set up Keycloak as an IDP into Salesforce? I have it working with OpenID but the way Salesforce implements it is not acceptable. Would like to use SAML instead. I am seeing nothing via a web search on this.

 

Any and all help appreciated.

 
