We are trying to configure Keycloak to act as an identity broker for a SAML 2.0 IdP. Using
the “quickstarts/app-profile-jee-vanilla” project as a basis, we added the WildFly client
adapter and set up an Identity Provider of type SAML 2.0.
Our customer configures an entityID at the IdP.
Example: <https://saml.myapp.com/myservice>. We set the Client ID to equal our
entityID and expected the Issuer element to contain this value. Keycloak redirects
correctly, however, in the AuthnRequest sent to the IdP, the Issuer element contains a URL
at the Keycloak server realm
(<https://saml.myapp.com/auth/realms/demo>) and Keycloak stripped part of
our Client ID (/myservice).
Is the Issuer value configurable and if so, where?
Thanks
Anders and Ulrik
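
An added example (not part of the original post and not Keycloak code): a small check that decodes the AuthnRequest from a redirect URL and compares its Issuer with the entityID registered at the IdP. It assumes the HTTP-Redirect binding; the function names, the `idp.example.org` endpoint and the sample request are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, quote

SAML_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"


def issuer_from_redirect(url):
    """Return the <saml:Issuer> text of an AuthnRequest sent via HTTP-Redirect."""
    params = parse_qs(urlparse(url).query)
    if "SAMLRequest" not in params:
        raise ValueError("no SAMLRequest parameter in URL")
    raw = base64.b64decode(params["SAMLRequest"][0])
    # The Redirect binding uses raw DEFLATE (no zlib header), hence wbits=-15.
    xml = zlib.decompress(raw, -15)
    issuer = ET.fromstring(xml).find("{%s}Issuer" % SAML_ASSERTION_NS)
    if issuer is None or not (issuer.text or "").strip():
        raise ValueError("AuthnRequest has no Issuer element")
    return issuer.text.strip()


def check_issuer(url, expected_entity_id):
    """Compare the Issuer in the request with the entityID registered at the IdP."""
    actual = issuer_from_redirect(url)
    return actual == expected_entity_id, actual


def build_sample_redirect(issuer):
    """Construct a sample redirect URL (test data, not captured traffic)."""
    xml = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="%s" ID="_constructed1" Version="2.0" '
        'IssueInstant="2016-01-01T00:00:00Z">'
        "<saml:Issuer>%s</saml:Issuer></samlp:AuthnRequest>" % (SAML_ASSERTION_NS, issuer)
    ).encode()
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml) + comp.flush()
    # Percent-encode the base64 so '+' and '=' survive query-string parsing.
    encoded = quote(base64.b64encode(deflated), safe="")
    return "https://idp.example.org/sso?SAMLRequest=" + encoded  # hypothetical IdP URL


if __name__ == "__main__":
    url = build_sample_redirect("https://saml.myapp.com/auth/realms/demo")
    print(check_issuer(url, "https://saml.myapp.com/myservice"))
```

Pasting the redirect URL captured from the browser into `check_issuer` shows exactly which Issuer value the IdP receives.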