Hello,
I am trying to see if we can use Keycloak to secure our current APIs and make them
available through SAML.
We are running our application on Tomcat 8.5.8
I downloaded keycloak-3.2.0.Final and saml-tomcat8-adapter.
I was following the instructions described in quickstarts app-profile-saml-jee-jsp and
applying it to our application.
However, I am not able to select Client Protocol: saml. I can only choose openid-connect.
In Identity Providers I tried to configure my own saml Identity Provider and use that in
my setup, but when I try to access the secured resource I get the following error:
org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage No login page was
defined for FORM authentication in context
I found a post about an older, similar issue, and it said it should be fixed in a newer version:
http://lists.jboss.org/pipermail/keycloak-user/2016-November/008383.html
It points to
https://issues.jboss.org/browse/KEYCLOAK-3669?filter=-2 but I can't find
the issue.
I have been trying to figure out the following things, but without success. Could you
please help me clarify the following questions, or point me in the right direction to make it
work?
- When I create a new realm I can only select Endpoints: OpenID Endpoint
Configuration. I was expecting to also be able to select SAML 2.0 here or saml as
described in the example.
- When I add a Client, I only have the Client Protocol openid-connect. If I want to add
a new Identity Provider I need to add a Single Sign-On Service URL: the URL that must be
used to send authentication requests (SAML AuthnRequest). I don't want to implement
the Identity Provider. I was looking for a way to retrieve valid SAML tickets and specify
which keys of the user are sent in that ticket. I would like this to be sent to a URL
inside my web app.
From the description of app-profile-saml-jee-jsp I thought this was
what I should be able to do, but I can't seem to figure it out.
Best regards,
Kevin