Hi Luis,
thank you for the fast help! I was looking at the brokering section. That was totally
wrong in this case. I will build a test scenario and try this out.
Best regards
Karsten Honsack
-----Original Message-----
From: keycloak-user-bounces(a)lists.jboss.org <keycloak-user-bounces(a)lists.jboss.org>
On behalf of Luis Rodríguez Fernández
Sent: Thursday, 8 November 2018 11:10
To: keycloak-user <keycloak-user(a)lists.jboss.org>
Subject: [EXTERNAL] Re: [keycloak-user] Login via SAML RESPONSE from an IdP
Hello Karsten,
Yes it is possible, please have a look here [1]. Of course you will need to configure your
SP with your specific SAML adapter [2]
Hope it helps,
Luis
ps: just for the records: I always use SP initiated login, it looks more
"natural" to me :)
[1]
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.keycloak.org_doc...
[2]
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.keycloak.org_doc...
On Thu, 8 Nov 2018 at 10:51, Karsten Honsack (<karsten.honsack(a)zurich.com>) wrote:
Hello everybody,
I am trying to figure out if Keycloak is capable of fulfilling the
following requirement. I read through the documentation but was not
able to figure it out.
Scenario:
A user is on a website where he has the possibility to jump to web
applications of different partners via SSO. The website provider only
supports IdP Initiated SSO and the button links provided are SAML
Assertion Consumer URLs. The flow describes what should be happening
for my understanding:
Flow:
1. User login on website.
2. User clicks on button.
3. Website creates an encrypted SAML RESPONSE using its STS, redirects
user to Keycloak's SAML Assertion Consumer URL and POSTs the SAML
RESPONSE there.
4. Keycloak decrypts/validates SAML RESPONSE and authenticates the user.
5. Keycloak redirects user to the application.
6. User uses application.
Is this possible? How has it to be configured? Do you need any more
information to help me? Thank you in advance!
Best regards
Karsten Honsack
**************************************
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_m
ailman_listinfo_keycloak-2Duser&d=DwIGaQ&c=DgzfCyvE4m33Nb8jT6Zstq7mstX
2IJrYfaJl8Ak-0_8&r=tEV5NbaAf1DsefwaP5VV_SYeWZQslIoxTN6j5CE93Hg&m=qspAg
pvVTTvc9t-nOM1flvxotmIZxnKAdMYyScv58Ig&s=sRIEtNz_hzeZ7pWSAjmi6kartlN-g
eNm1PiImgC9pPQ&e=
--
"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
- Samuel Beckett
**************************************
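
The checks behind step 4 of the flow in the original question, as an added example that is not part of the thread and is not Keycloak's code: it lists what a service provider should verify on an unsolicited (IdP-initiated) SAML response once signature verification and decryption have already succeeded. The URLs, entity IDs and the sample response are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Hypothetical SP-side settings (placeholders, not values from the thread).
ACS_URL = "https://sp.example.test/saml/acs"
SP_ENTITY_ID = "https://sp.example.test/saml"
TRUSTED_ISSUER = "https://portal.example.test/idp"

def sample_response(dest=ACS_URL, audience=SP_ENTITY_ID, extra_attr=""):
    """Constructed sample: an already-decrypted response, signature omitted."""
    return f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}" ID="_r1"
      Version="2.0" Destination="{dest}" {extra_attr}>
     <a:Assertion ID="_a1" Version="2.0"><a:Issuer>{TRUSTED_ISSUER}</a:Issuer>
      <a:Subject><a:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
       <a:SubjectConfirmationData Recipient="{dest}" NotOnOrAfter="2018-11-08T10:15:00Z"/>
      </a:SubjectConfirmation></a:Subject>
      <a:Conditions><a:AudienceRestriction><a:Audience>{audience}</a:Audience>
      </a:AudienceRestriction></a:Conditions></a:Assertion></p:Response>"""

def check_unsolicited(xml_text, now, seen_ids):
    """Return the names of failed checks; an empty list means accept."""
    resp = ET.fromstring(xml_text)
    assertion = resp.find("a:Assertion", NS)
    if assertion is None:
        return ["no assertion"]
    scd = assertion.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    if scd is None:
        return ["no subject confirmation data"]
    audiences = [e.text for e in assertion.findall(
        "a:Conditions/a:AudienceRestriction/a:Audience", NS)]
    # A missing NotOnOrAfter is treated as already expired.
    expiry = datetime.strptime(scd.get("NotOnOrAfter", "1970-01-01T00:00:00Z"),
                               "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    checks = {  # failure name -> True when the response passes that check
        "InResponseTo present": resp.get("InResponseTo") is None
                                and scd.get("InResponseTo") is None,
        "Destination mismatch": resp.get("Destination") == ACS_URL,
        "Recipient mismatch": scd.get("Recipient") == ACS_URL,
        "untrusted issuer": assertion.findtext("a:Issuer", "", NS) == TRUSTED_ISSUER,
        "audience mismatch": SP_ENTITY_ID in audiences,
        "expired": now < expiry,
        "replayed assertion": assertion.get("ID") not in seen_ids,
    }
    failed = [name for name, ok in checks.items() if not ok]
    if not failed:
        seen_ids.add(assertion.get("ID"))  # remember the ID to block replays
    return failed
```

Because an unsolicited response has no outstanding AuthnRequest to match against, the replay cache and the short validity window carry the protection that InResponseTo provides in SP-initiated login.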