Hey, do you know if Salesforce as an SP works if the IDP is localhost?
Or did you have to test that outside a firewall?
On 5/4/2015 3:03 AM, Marek Posolda wrote:
As far as I remember, it could be the certificate in CRT format
exported
from keystore file via "keytool -export" . At least that's what worked
for me couple of years back when I did integration of Salesforce with
Picketlink:
https://docs.jboss.org/author/display/PLINK/Picketlink+as+IDP,+Salesforce...
Marek
On 30.4.2015 17:39, Bill Burke wrote:
> I set up a salesforce example and looked at the login response SAML
> document. Looks like no assertion data is being sent back at all by
> salesforce.
>
> On 4/30/2015 9:43 AM, Bill Burke wrote:
>> i have no idea. Basically this error is stating that the login response
>> saml document has no assertions within it. If there are no assertions,
>> then there has been no identity data sent.
>>
>> I'm looking now, but can you send me a link on how to set up Salesforce
>> as an IDP? Is one able to set up a free account and such?
>>
>> On 4/30/2015 9:25 AM, Henk Laracker wrote:
>>> Hi Bill,
>>>
>>> I don¹t know why I missed that, thanks! Salesforce respons know with
>>> the
>>> correct login page. After logging in in Salesforce, I¹m redirected to
>>> keycloak again with a internal error:
>>>
>>> Caused by: org.keycloak.broker.provider.IdentityBrokerException:
>>> Could not
>>> process response from SAML identity provider.
>>> at
>>> org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpo
>>>
>>> int.java:299)
>>> at
>>> org.keycloak.broker.saml.SAMLEndpoint$Binding.handleSamlResponse(SAMLEndpoi
>>>
>>> nt.java:343)
>>> at
>>> org.keycloak.broker.saml.SAMLEndpoint$Binding.execute(SAMLEndpoint.java:169
>>>
>>> )
>>> at
>>> org.keycloak.broker.saml.SAMLEndpoint.postBinding(SAMLEndpoint.java:117)
>>>
>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> [rt.jar:1.8.0_45]
>>> at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:6
>>>
>>> 2) [rt.jar:1.8.0_45]
>>> at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImp
>>>
>>> l.java:43) [rt.jar:1.8.0_45]
>>> at java.lang.reflect.Method.invoke(Method.java:497)
>>> [rt.jar:1.8.0_45]
>>> at
>>> org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:1
>>>
>>> 37) [resteasy-jaxrs-3.0.10.Final.jar:]
>>> at
>>> org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethod
>>>
>>> Invoker.java:296) [resteasy-jaxrs-3.0.10.Final.jar:]
>>> at
>>> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.
>>>
>>> java:250) [resteasy-jaxrs-3.0.10.Final.jar:]
>>> at
>>> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(Resourc
>>>
>>> eLocatorInvoker.java:140) [resteasy-jaxrs-3.0.10.Final.jar:]
>>> at
>>> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoke
>>>
>>> r.java:109) [resteasy-jaxrs-3.0.10.Final.jar:]
>>> at
>>> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(Resourc
>>>
>>> eLocatorInvoker.java:135) [resteasy-jaxrs-3.0.10.Final.jar:]
>>> at
>>> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoke
>>>
>>> r.java:103) [resteasy-jaxrs-3.0.10.Final.jar:]
>>> at
>>> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.
>>>
>>> java:356) [resteasy-jaxrs-3.0.10.Final.jar:]
>>> ... 39 more
>>> Caused by: org.keycloak.broker.provider.IdentityBrokerException: No
>>> assertion from response.
>>> at
>>> org.keycloak.broker.saml.SAMLEndpoint$Binding.getAssertion(SAMLEndpoint.jav
>>>
>>> a:309)
>>> at
>>> org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpo
>>>
>>> int.java:264)
>>> ... 54 more
>>>
>>> Any idea?
>>>
>>> Henk
>>>
>>>
>>>
>>>
>>> On 30/04/15 14:31, "Bill Burke" <bburke(a)redhat.com> wrote:
>>>
>>>> You want to chain keycloak server to Salesforce?
>>>>
>>>> If you create a SAMLv2 IdentityProvider in keycloak that points to
>>>> Salesforce, you;ll see after you create it, an Export button. Click
>>>> that. That will create an entity descriptor with all the information
>>>> you need.
>>>>
>>>> On 4/30/2015 2:45 AM, Henk Laracker wrote:
>>>>> Hi,
>>>>>
>>>>> I like to use Salesforce as Identity Provider, the metadata
>>>>> provided by
>>>>> salesforce can be imported.
>>>>> But I need to specify the Service Provider in salesforce, I have
>>>>> to fill
>>>>> in a couple of fields, but two of them I don¹t understand (and are
>>>>> mandatory). Does someone have any clue
>>>>>
>>>>> 1. entity id , remark of salesforce : get this value from your
>>>>> serviceprovider
>>>>> 2. ACS URL, remark of slaesforce : The assertion consumer
>>>>> service. Get
>>>>> this value from your service provider.
>>>>>
>>>>> I have tried a lot of values but every-time I click the saml
>>>>> button on
>>>>> my app, it redirects to salesforce but I get a page with the error :
>>>>> Error: Unable to resolve request into a Service Provider
>>>>>
>>>>> Henk
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user(a)lists.jboss.org
>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>
>>>> --
>>>> Bill Burke
>>>> JBoss, a division of Red Hat
>>>>
http://bill.burkecentral.com
>>>> _______________________________________________
>>>> keycloak-user mailing list
>>>> keycloak-user(a)lists.jboss.org
>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user