10:32 a.m.
So what you are saying is that Keycloak, acting as an SP, will send this URL to the IDp,
but the IDp can choose not to use it, and just send responses to our F5?
Also, re: the second part of my question, can anything be done about the password reset
URL, to have those target our F5?
Thanks for you help with this,
MJ
On Apr 5, 2017 8:01 AM, Bill Burke <bburke(a)redhat.com> wrote:
The SP can send ACS URL, this URL will only be used if it is validated
against the Redirect URI patterns that are registered in the
configuration of the client. Does that answer your question?
On 4/4/17 6:07 PM, Jacobs, Michael wrote:
For our application we created a SAML Identity Provider to proxy
authentication to an outside source. However we need their response to be sent back to a
load-balanced URL on our F5. The value that I believe controls this is "Redirect
URI" in our SAML Provider config, looks like that goes to populate the
AssertionConsumerServiceURL in the SAML request. Redirect URI is not editable in the UI.
Is there a way we can control what gets populated there, so our partner will be directed
to send to the load-balanced URL.
We'd also like to control password reset emails links to contain that load-balanced
URL, but it does not look like the templating system allows us to manipulate that that
level.
MJ
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_mail...
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_mail...
7:34 p.m.
New subject: [EXTERNAL] Re: Overriding AssertionConsumerServiceURL in
I solved this by making my own identity provider SPI that extends from
SAMLIdentityProvider, but adds this feature, taking the override from the standalone.xml
I will try to do something similar with the Email Template SPI.
From: Jacobs, Michael [mailto:michael_jacobs@nuance.com]
Sent: Wednesday, April 05, 2017 8:32 AM
To: Bill Burke <bburke(a)redhat.com>
Cc: keycloak-user(a)lists.jboss.org
Subject: Re: [EXTERNAL] Re: [keycloak-user] Overriding AssertionConsumerServiceURL in
So what you are saying is that Keycloak, acting as an SP, will send this URL to the IDp,
but the IDp can choose not to use it, and just send responses to our F5?
Also, re: the second part of my question, can anything be done about the password reset
URL, to have those target our F5?
Thanks for you help with this,
MJ
On Apr 5, 2017 8:01 AM, Bill Burke
<bburke@redhat.com<mailto:bburke@redhat.com>> wrote:
The SP can send ACS URL, this URL will only be used if it is validated
against the Redirect URI patterns that are registered in the
configuration of the client. Does that answer your question?
On 4/4/17 6:07 PM, Jacobs, Michael wrote:
For our application we created a SAML Identity Provider to proxy
authentication to an outside source. However we need their response to be sent back to a
load-balanced URL on our F5. The value that I believe controls this is "Redirect
URI" in our SAML Provider config, looks like that goes to populate the
AssertionConsumerServiceURL in the SAML request. Redirect URI is not editable in the UI.
Is there a way we can control what gets populated there, so our partner will be directed
to send to the load-balanced URL.
We'd also like to control password reset emails links to contain that load-balanced
URL, but it does not look like the templating system allows us to manipulate that that
level.
MJ
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_mail...
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org<mailto:keycloak-user@lists.jboss.org>
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_mail...
2831
days inactive
2833
days old
1 comments
1 participants
participants (1)
-
Jacobs, Michael