Hello Karsten,
Yes, it is possible, please have a look here [1]. Of course you will need to
configure your SP with your specific SAML adapter [2].
Hope it helps,
Luis
P.S.: just for the record: I always use SP-initiated login, it looks more
"natural" to me :)
[1] https://www.keycloak.org/docs/latest/server_admin/index.html#idp-initiate...
[2] https://www.keycloak.org/docs/latest/securing_apps/index.html#_saml-gener...
On Thu, 8 Nov 2018 at 10:51, Karsten Honsack (<karsten.honsack(a)zurich.com>) wrote:
Hello everybody,
I am trying to figure out if Keycloak is capable of fulfilling the following
requirement. I read through the documentation but was not able to figure it
out.
Scenario:
A user is on a website where he has the possibility to jump to web
applications of different partners via SSO. The website provider only
supports IdP Initiated SSO and the button links provided are SAML Assertion
Consumer URLs. The flow describes what should be happening, to my
understanding:
Flow:
1. User logs in on website.
2. User clicks on button.
3. Website creates an encrypted SAML RESPONSE using its STS, redirects
user to Keycloak's SAML Assertion Consumer URL and POSTs the SAML RESPONSE
there.
4. Keycloak decrypts/validates SAML RESPONSE and authenticates the user.
5. Keycloak redirects user to the application.
6. User uses application.
Is this possible? How does it have to be configured? Do you need any more
information to help me? Thank you in advance!
Best regards
Karsten Honsack
--
"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
- Samuel Beckett