Hi Bill,
Thanks for the reply. I am not referring to generating the SP entity
descriptor. I have an entity descriptor and want to use the entity descriptor with
the Keycloak SAML SP. I have attached the sample picketlink-SP metadata for
reference.
In PicketLink, we have picketlink.xml, where we can tell the service
provider to read the IDP entity descriptor from a file. Example as below:
    <MetaDataProvider
        ClassName="org.picketlink.identity.federation.core.saml.md.providers.FileBasedEntitiesMetadataProvider">
        <Option Key="FileName"
                Value="/WEB-INF/classes/idp-metadata.xml"/>
    </MetaDataProvider>
However, when I looked at our Keycloak SAML configuration
schema (keycloak_saml_adapter_1_6.xsd), I don't see any such element where
we can tell the SP to read the IDP entity data from IDP metadata.
On Mon, Nov 30, 2015 at 9:03 PM, Bill Burke <bburke(a)redhat.com> wrote:
Keycloak SP does not generate an entity descriptor. I don't believe
Picketlink SP does either.
Our examples are derived from PL quickstarts. Honestly I don't see much
difference between the PL ones and ours. The PL ones use PL IDP, the
Keycloak ones use Keycloak IDP. The PL quickstarts don't go into much
detail either other than how to run the example.
On 11/30/2015 10:03 AM, Arulkumar Ponnusamy wrote:
> Hi Bill,
> Do you have any update on this?
>
> On Mon, Nov 30, 2015 at 2:39 PM, Stian Thorgersen
> <sthorger(a)redhat.com> wrote:
>
> Bill - is there a way to get the entity descriptor for an
> application using the Keycloak SP adapter? To then import into
> PicketLink.
>
> On 30 November 2015 at 09:47, Arulkumar Ponnusamy
> <parul.com(a)gmail.com> wrote:
>
> Hi Stian,
> Yes, clients from entity descriptors. I don't understand the "import
> the file" part. Where to import the file? I have both
> IDP (PicketLink) and SP (Keycloak) under my WEB-INF file, but I
> don't see any SAML communication between SP and IDP happening.
>
> I am new to SAML, and for a beginner, PicketLink has so many examples
> for both IDP and SP, which is awesome and gives a clear picture of
> what needs to be done. But those examples are missing for the
> Keycloak SAML service provider. Only three examples are for
> Keycloak, and those are somehow not detailed.
>
>
>
> On Mon, Nov 30, 2015 at 1:07 PM, Stian Thorgersen
> <sthorger(a)redhat.com> wrote:
>
> Are you asking if Keycloak can create clients from entity
> descriptors, then yes. Create client and import the file.
>
> On 30 November 2015 at 05:02, Arulkumar Ponnusamy
> <parul.com(a)gmail.com> wrote:
>
> Hi All,
> Does the Keycloak service provider support metadata? I
> don't find any reference document on this for Keycloak.
> There is no adapter which talks about metadata. I even
> looked at the examples, and there are three examples
> which talk about POST, REDIRECT and encryption.
>
> Any reference document on Keycloak SAML Service provider
> Metadata?
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com