After a bit of digging through the keycloak archives, I believe I've found an answer to
my own question. There is indeed a way to set up identity brokering in keycloak with
Salesforce, although the process is not as straightforward as one would expect. To get the
values for ACS URL and Entity Id one should create a SAML 2.0 external IdP, and then
"Export" the IdP using the "Export" button.

--Peter
> Hello,
>
> I am trying to integrate keycloak and Salesforce using Salesforce as an identity
> provider. It seems some of the information required to properly set up Salesforce
> as SAML IdP is missing in keycloak's SAML identity provider configuration. For
> example, "Entity Id", according to the Salesforce documentation: "This value comes
> from the service provider. Each entity ID in an organization must be unique. If
> you're accessing multiple apps from your service provider, you only need to define
> the service provider once, and then use the RelayState parameter to append the URL
> values to direct the user to the correct app after signing in."
> (https://help.salesforce.com/HTViewHelpDoc?id=service_provider_define....)
>
> SAML identity provider configuration in keycloak does not have a setting to
> specify "Entity Id". Another missing attribute is "ACS URL" (The ACS, or assertion
> consumer service, URL comes from the SAML service provider.).
>
> Has anyone been able to set up Salesforce as IdP and keycloak as SP using
> keycloak's SAML identity provider? Is this even possible given that some required
> parameters are missing?
>
> Thx
> Peter
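The "Export" button on a Keycloak SAML identity provider returns SAML 2.0 SP metadata XML. The two values Salesforce asks for map onto that document: "Entity Id" is the `entityID` attribute of the `EntityDescriptor`, and "ACS URL" is the `Location` of the HTTP-POST `AssertionConsumerService` inside the `SPSSODescriptor`. The following script is an added example (not code from the thread or from the Keycloak project) that pulls those two values out of an export and refuses metadata that is not an SP descriptor or whose ACS URL is not HTTPS. The embedded metadata is constructed to mimic the shape of a Keycloak export; the host `keycloak.example.invalid`, realm `demo` and alias `salesforce` are placeholders.

```python
"""Extract the Salesforce "Entity Id" and "ACS URL" values from the SP metadata
that Keycloak exports for a SAML identity provider.

Added example, not Keycloak's own code. SAMPLE_SP_METADATA is CONSTRUCTED to
resemble a Keycloak export; host, realm and alias are placeholders.
"""
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample of what the "Export" button hands back for a SAML IdP.
SAMPLE_SP_METADATA = """
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://keycloak.example.invalid/realms/demo">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat>
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://keycloak.example.invalid/realms/demo/broker/salesforce/endpoint"
        index="1" isDefault="true"/>
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://keycloak.example.invalid/realms/demo/broker/salesforce/endpoint"
        index="2"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def sp_values_for_salesforce(metadata_xml: str) -> dict:
    """Return the values to paste into Salesforce's SP definition.

    Raises ValueError when the document is not usable SP metadata, so a
    mistaken export (e.g. IdP metadata, or a plain-HTTP frontend URL) is
    caught before it is configured on the Salesforce side.
    """
    root = ET.fromstring(metadata_xml)

    # Salesforce "Entity Id" == the EntityDescriptor's entityID attribute.
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("no entityID attribute: not an EntityDescriptor")

    # Only an SP descriptor carries an AssertionConsumerService.
    spsso = root.find("md:SPSSODescriptor", NS)
    if spsso is None:
        raise ValueError("no SPSSODescriptor: this is not SP metadata")

    # Salesforce posts the assertion, so pick the HTTP-POST ACS; prefer the
    # one flagged isDefault, otherwise the first POST binding listed.
    post_acs = [a for a in spsso.findall("md:AssertionConsumerService", NS)
                if a.get("Binding") == HTTP_POST]
    chosen = next((a for a in post_acs if a.get("isDefault") == "true"), None)
    if chosen is None and post_acs:
        chosen = post_acs[0]
    if chosen is None:
        raise ValueError("no HTTP-POST AssertionConsumerService in SP metadata")

    acs_url = chosen.get("Location", "")
    # The export reflects Keycloak's frontend URL; a plain-HTTP ACS would have
    # Salesforce post signed assertions in the clear, so reject it here.
    if not acs_url.startswith("https://"):
        raise ValueError(f"ACS URL is not HTTPS: {acs_url!r}")

    return {
        "entity_id": entity_id,
        "acs_url": acs_url,
        # Whether Keycloak will insist that Salesforce signs the assertion.
        "wants_signed_assertions": spsso.get("WantAssertionsSigned") == "true",
    }


if __name__ == "__main__":
    for key, value in sp_values_for_salesforce(SAMPLE_SP_METADATA).items():
        print(f"{key}: {value}")
```

Run it against the XML downloaded by the "Export" button instead of the sample, and compare the printed host against the Keycloak frontend URL you expect: the ACS URL in the export is whatever Keycloak believes its public URL to be, so a proxy or hostname misconfiguration shows up here before it is baked into the Salesforce side.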