Hello, Does someone have documentation on how to implement Keycloak with Google Apps ? I tried to implement a SAML client in a Keycloak realm but I'm lost with settings when creating one. Tried to use the official documentation and to search on the web but to no avail. If someone could point me to what settings to use in the SAML client I created, it would be great. I already took the key generated for the realm and uploaded it to Google Apps. Best regards, Thomas _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

Hello Marek, Thanks for pointing me on this ressource. Very useful. I'm now on these settings : Client ID : googleapps Name : My Test Saml Enabled : On Include AuthnStatement : On Sign Assertions : On (RSA_SHA256, EXCLUSIVE) Client Signature Required : On Name ID Format : email IDP Initiated SSO URL Name : googleapps == Assertion Consumer Service Redirect Binding URL : https://www.google.com/a/mydomain.com/acs When I'm accessing (manually or set via Google Admin console in SSO settings) the following URL : https://xyz/realms/myrealmname/protocol/saml/googleapps .. i'm facing a totally blank page Error in Wildfly log : 23:25:04,136 WARN [org.jboss.resteasy.core.ExceptionHandler] (default task-107) failed to execute: javax.ws.rs.NotFoundException: Could not find resource for full path: https://xyz/realms/myrealmname/protocol/saml/googleapps Any idea ? Thanks Best regards, Thomas 2015-11-25 11:51 GMT+01:00 Marek Posolda <mposolda(a)redhat.com&gt;: > Longer time ago, I did the integration of picketlink with Google Apps, which > is documented here: > https://docs.jboss.org/author/display/PLINK/Picketlink+as+IDP,+Google+App... > . Some steps might be outdated, but hopefully most of them is still > applicable and can be (maybe with some tweaks) applied for Keycloak as well. > Especially the part for configuring on Google side. I did not tried in > practice with Keycloak yet, but I think that you may want to: > - Use clientId like "google.com/a/yourdomain.com" for your client where > yourdomain.com is your Google-Apps domain > - Select "Sign assertions" so google-apps will verify the signature on > assertion with the realm key you uploaded > > Other options might be kept default probably (not sure at 100% as I didn't > try it myself yet) > > Marek > > > On 25/11/15 10:42, Thomas Schweizer-Bolzonello wrote: > > Hello, > Does someone have documentation on how to implement Keycloak with Google > Apps ? > I tried to implement a SAML client in a Keycloak realm but I'm lost > with settings when creating one. > > Tried to use the official documentation and to search on the web but > to no avail. > > If someone could point me to what settings to use in the SAML client I > created, it would be great. > I already took the key generated for the realm and uploaded it to Google > Apps. > > Best regards, > Thomas > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > > _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

Hello Stian, Blank page with a 404 I removed /auth because I redeployed Keycloak on root context with this : http://keycloak.github.io/docs/userguide/keycloak-server/html/server-inst... I tried to create a new realm but same problem : blank page + 404 Full error in log is here : https://gist.github.com/ThomasSchweizer/a1ce825bd245d5261250 Thomas 2015-11-26 8:42 GMT+01:00 Stian Thorgersen <sthorger(a)redhat.com&gt;: > Blank page with a 403? > > The URL is missing '/auth/'. Unless you've changed the context-path Keycloak > is deployed to the url should be > https://xyz/auth/realms/myrealmname/protocol/saml/googleapps > > On 25 November 2015 at 23:33, Thomas Schweizer-Bolzonello > <thomas(a)schweizer.fr&gt; wrote: >> >> Hello Marek, >> >> Thanks for pointing me on this ressource. Very useful. >> I'm now on these settings : >> >> Client ID : googleapps >> Name : My Test Saml >> Enabled : On >> Include AuthnStatement : On >> Sign Assertions : On (RSA_SHA256, EXCLUSIVE) >> Client Signature Required : On >> Name ID Format : email >> IDP Initiated SSO URL Name : googleapps >> == >> Assertion Consumer Service Redirect Binding URL : >> https://www.google.com/a/mydomain.com/acs >> >> When I'm accessing (manually or set via Google Admin console in SSO >> settings) the following URL : >> https://xyz/realms/myrealmname/protocol/saml/googleapps .. i'm facing >> a totally blank page >> >> Error in Wildfly log : >> 23:25:04,136 WARN [org.jboss.resteasy.core.ExceptionHandler] (default >> task-107) failed to execute: javax.ws.rs.NotFoundException: Could not >> find resource for full path: >> https://xyz/realms/myrealmname/protocol/saml/googleapps >> >> Any idea ? >> >> Thanks >> >> Best regards, >> Thomas >> >> 2015-11-25 11:51 GMT+01:00 Marek Posolda <mposolda(a)redhat.com&gt;: >> > Longer time ago, I did the integration of picketlink with Google Apps, >> > which >> > is documented here: >> > >> > https://docs.jboss.org/author/display/PLINK/Picketlink+as+IDP,+Google+App... >> > . Some steps might be outdated, but hopefully most of them is still >> > applicable and can be (maybe with some tweaks) applied for Keycloak as >> > well. >> > Especially the part for configuring on Google side. I did not tried in >> > practice with Keycloak yet, but I think that you may want to: >> > - Use clientId like "google.com/a/yourdomain.com" for your client where >> > yourdomain.com is your Google-Apps domain >> > - Select "Sign assertions" so google-apps will verify the signature on >> > assertion with the realm key you uploaded >> > >> > Other options might be kept default probably (not sure at 100% as I >> > didn't >> > try it myself yet) >> > >> > Marek >> > >> > >> > On 25/11/15 10:42, Thomas Schweizer-Bolzonello wrote: >> > >> > Hello, >> > Does someone have documentation on how to implement Keycloak with Google >> > Apps ? >> > I tried to implement a SAML client in a Keycloak realm but I'm lost >> > with settings when creating one. >> > >> > Tried to use the official documentation and to search on the web but >> > to no avail. >> > >> > If someone could point me to what settings to use in the SAML client I >> > created, it would be great. >> > I already took the key generated for the realm and uploaded it to Google >> > Apps. >> > >> > Best regards, >> > Thomas >> > _______________________________________________ >> > keycloak-user mailing list >> > keycloak-user(a)lists.jboss.org >> > https://lists.jboss.org/mailman/listinfo/keycloak-user >> > >> > >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user > >