Hi Bill,
Thanks for the reply. I am not referring to generating an SP entity descriptor. I have an entity descriptor and want to use it with the Keycloak SAML SP. I have attached the sample picketlink-SP metadata for reference.

In PicketLink, we have picketlink.xml, where we can tell the service provider to read the IDP entity descriptor from a file. Example as below:

        <MetaDataProvider ClassName="org.picketlink.identity.federation.core.saml.md.providers.FileBasedEntitiesMetadataProvider">
            <Option Key="FileName" Value="/WEB-INF/classes/idp-metadata.xml"/>
        </MetaDataProvider>

However, when I looked at our Keycloak SAML configuration schema (keycloak_saml_adapter_1_6.xsd), I don't see any such element where we can tell the SP to read the IDP entity data from IDP metadata.


On Mon, Nov 30, 2015 at 9:03 PM, Bill Burke <bburke@redhat.com> wrote:
Keycloak SP does not generate an entity descriptor.  I don't believe Picketlink SP does either.

Our examples are derived from PL quickstarts.  Honestly I don't see much difference between the PL ones and ours.  The PL ones use PL IDP, the Keycloak ones use Keycloak IDP.  The PL quickstarts don't go into much detail either other than how to run the example.

On 11/30/2015 10:03 AM, Arulkumar Ponnusamy wrote:
Hi Bill,
Do you have any update on this?

On Mon, Nov 30, 2015 at 2:39 PM, Stian Thorgersen <sthorger@redhat.com> wrote:

    Bill - is there a way to get the entity descriptor for an
    application using the Keycloak SP adapter? To then import into

    On 30 November 2015 at 09:47, Arulkumar Ponnusamy
    <parul.com@gmail.com> wrote:

        Hi Stian,
        Yes, clients from entity descriptors. I don't understand the
        "import the file" part. Where to import the file? I have both
        IDP (PicketLink) and SP (Keycloak) under my WEB-INF file, but I
        don't see any SAML communication between SP and IDP happening.

        I am new to SAML, and for a beginner, PicketLink has so many
        examples for both IDP and SP, which is awesome and gives a clear
        picture of what needs to be done. But those examples are missing
        for the Keycloak SAML service provider. There are only three
        examples for Keycloak, and those too are somehow not detailed.

        On Mon, Nov 30, 2015 at 1:07 PM, Stian Thorgersen
        <sthorger@redhat.com> wrote:

            Are you asking if Keycloak can create clients from entity
            descriptors, then yes. Create client and import the file.

            On 30 November 2015 at 05:02, Arulkumar Ponnusamy
            <parul.com@gmail.com> wrote:

                Hi All,
                Does the Keycloak service provider support metadata? I
                don't find any reference document on this for Keycloak.
                There is no adapter which talks about metadata. I even
                looked at the examples, and there are three examples
                which talk about POST, REDIRECT and encryption.

                Any reference document on Keycloak SAML Service provider

                keycloak-user mailing list

Bill Burke
JBoss, a division of Red Hat