4:07 p.m.
Sorry for previous messages, not sure what happened
******
Hi everyone,
we are using the tomcat 7 adapter of keycloak 3.4.3 (SAML). We managed
also to install the server side part and to integrate the keycloak with an
our web application. Now when user access to siteA he is correctly
redirected to keycloak login page and after login he is redirected to the
application itself. It is working fine.
Problem is the following. We are not trying to integrate SSO in the
following way:
1. User opens browser and goes to our siteA
2. User correctly logins
3. In user desktop there is an our client-server application developed in
java and our goal is to have the user logged in automatically because we
are sharing same set of users. Moreover, siteA and the server side
application are different clients in the same realm.
The client-server application is basically a webapplication, where the
client part is a "custom" browser that restricts the user to do only some
operations. The browser widget is a custom one but we can change if
required.
Is it possible to do such thing ? How ?
I think we need to "share" something between the request of siteA and the
application itself.
I tried to share the JSESSIONID but it was not working; after
investigation I found that JSESSIONID is not useful for my purpose.
I hope to have explained clearly my issue,
thanks for any help
From: "Emanuele Gesuato" <Emanuele.Gesuato(a)finantix.com>
To: keycloak-user(a)lists.jboss.org
Date: 05/04/2018 15:58
Subject: Re: [keycloak-user] SSO in web and desktop application
Sent by: keycloak-user-bounces(a)lists.jboss.org
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
5:32 p.m.
I don't know if I can understand it clearly but is this not possible
through keycloak rest-api ?
On Thu, 5 Apr 2018, 19:38 Emanuele Gesuato, <Emanuele.Gesuato(a)finantix.com>
wrote:
Sorry for previous messages, not sure what happened
******
Hi everyone,
we are using the tomcat 7 adapter of keycloak 3.4.3 (SAML). We managed
also to install the server side part and to integrate the keycloak with an
our web application. Now when user access to siteA he is correctly
redirected to keycloak login page and after login he is redirected to the
application itself. It is working fine.
Problem is the following. We are not trying to integrate SSO in the
following way:
1. User opens browser and goes to our siteA
2. User correctly logins
3. In user desktop there is an our client-server application developed in
java and our goal is to have the user logged in automatically because we
are sharing same set of users. Moreover, siteA and the server side
application are different clients in the same realm.
The client-server application is basically a webapplication, where the
client part is a "custom" browser that restricts the user to do only some
operations. The browser widget is a custom one but we can change if
required.
Is it possible to do such thing ? How ?
I think we need to "share" something between the request of siteA and the
application itself.
I tried to share the JSESSIONID but it was not working; after
investigation I found that JSESSIONID is not useful for my purpose.
I hope to have explained clearly my issue,
thanks for any help
From: "Emanuele Gesuato" <Emanuele.Gesuato(a)finantix.com>
To: keycloak-user(a)lists.jboss.org
Date: 05/04/2018 15:58
Subject: Re: [keycloak-user] SSO in web and desktop application
Sent by: keycloak-user-bounces(a)lists.jboss.org
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
7:14 p.m.
Hi Subodh,
it is what I thought but it looks like rest api are available only for
open-id not for saml protocol.
To retrieve access-token I need to enable access-type as "public" or
"confidential" but it is an option available only for open-id clients.
When I try to run
curl -d "client_id=admin_client" -d "username=admin" -d
"password=password" -d "grant_type=password" "
http://<host>:<port>/auth/realms/master/protocol/openid-connect/token"
I got error ( "admin_client" is a saml client):
{"error":"unauthorized_client","error_description":"Client
secret not
provided in request"}
but:
1. access type can be changed as "public" or "confidential" only for
openId clients.
2. client secret cannot be generated for saml clients.
Am I missing something ?
many thanks for any help,
Emanuele
From: Subodh Joshi <subodhcjoshi82(a)gmail.com>
To: Emanuele Gesuato <Emanuele.Gesuato(a)finantix.com>
Cc: keycloak-user <keycloak-user(a)lists.jboss.org>
Date: 05/04/2018 17:35
Subject: Re: [keycloak-user] SSO in web and desktop application
Sent by: keycloak-user-bounces(a)lists.jboss.org
I don't know if I can understand it clearly but is this not possible
through keycloak rest-api ?
On Thu, 5 Apr 2018, 19:38 Emanuele Gesuato,
<Emanuele.Gesuato(a)finantix.com>
wrote:
Sorry for previous messages, not sure what happened
******
Hi everyone,
we are using the tomcat 7 adapter of keycloak 3.4.3 (SAML). We managed
also to install the server side part and to integrate the keycloak with
an
our web application. Now when user access to siteA he is correctly
redirected to keycloak login page and after login he is redirected to
the
application itself. It is working fine.
Problem is the following. We are not trying to integrate SSO in the
following way:
1. User opens browser and goes to our siteA
2. User correctly logins
3. In user desktop there is an our client-server application developed
in
java and our goal is to have the user logged in automatically because
we
are sharing same set of users. Moreover, siteA and the server side
application are different clients in the same realm.
The client-server application is basically a webapplication, where the
client part is a "custom" browser that restricts the user to do only
some
operations. The browser widget is a custom one but we can change if
required.
Is it possible to do such thing ? How ?
I think we need to "share" something between the request of siteA and
the
application itself.
I tried to share the JSESSIONID but it was not working; after
investigation I found that JSESSIONID is not useful for my purpose.
I hope to have explained clearly my issue,
thanks for any help
From: "Emanuele Gesuato" <Emanuele.Gesuato(a)finantix.com>
To: keycloak-user(a)lists.jboss.org
Date: 05/04/2018 15:58
Subject: Re: [keycloak-user] SSO in web and desktop application
Sent by: keycloak-user-bounces(a)lists.jboss.org
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
9:28 a.m.
Hello Emmanuele,
If the client-server app is a browser it should be able to make the SAML
authentication request to your IdP and consume the SAMLResponse from your
IdP [1]. For this you can use SAML Java Servlet Filter Adapter [2]
Perhaps I am missing somethig, sorry...
Hope it helps,
Luis
[1]
http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-...
[2]
http://www.keycloak.org/docs/latest/securing_apps/index.html#java-servlet...
2018-04-05 19:14 GMT+02:00 Emanuele Gesuato <Emanuele.Gesuato(a)finantix.com>:
Hi Subodh,
it is what I thought but it looks like rest api are available only for
open-id not for saml protocol.
To retrieve access-token I need to enable access-type as "public" or
"confidential" but it is an option available only for open-id clients.
When I try to run
curl -d "client_id=admin_client" -d "username=admin" -d
"password=password" -d "grant_type=password" "
http://<host>:<port>/auth/realms/master/protocol/openid-connect/token"
I got error ( "admin_client" is a saml client):
{"error":"unauthorized_client","error_description":"Client
secret not
provided in request"}
but:
1. access type can be changed as "public" or "confidential" only for
openId clients.
2. client secret cannot be generated for saml clients.
Am I missing something ?
many thanks for any help,
Emanuele
From: Subodh Joshi <subodhcjoshi82(a)gmail.com>
To: Emanuele Gesuato <Emanuele.Gesuato(a)finantix.com>
Cc: keycloak-user <keycloak-user(a)lists.jboss.org>
Date: 05/04/2018 17:35
Subject: Re: [keycloak-user] SSO in web and desktop application
Sent by: keycloak-user-bounces(a)lists.jboss.org
I don't know if I can understand it clearly but is this not possible
through keycloak rest-api ?
On Thu, 5 Apr 2018, 19:38 Emanuele Gesuato,
<Emanuele.Gesuato(a)finantix.com>
wrote:
> Sorry for previous messages, not sure what happened
> ******
> Hi everyone,
>
> we are using the tomcat 7 adapter of keycloak 3.4.3 (SAML). We managed
> also to install the server side part and to integrate the keycloak with
an
> our web application. Now when user access to siteA he is correctly
> redirected to keycloak login page and after login he is redirected to
the
> application itself. It is working fine.
>
> Problem is the following. We are not trying to integrate SSO in the
> following way:
> 1. User opens browser and goes to our siteA
> 2. User correctly logins
> 3. In user desktop there is an our client-server application developed
in
> java and our goal is to have the user logged in automatically because we
> are sharing same set of users. Moreover, siteA and the server side
> application are different clients in the same realm.
>
> The client-server application is basically a webapplication, where the
> client part is a "custom" browser that restricts the user to do only
some
> operations. The browser widget is a custom one but we can change if
> required.
>
> Is it possible to do such thing ? How ?
>
> I think we need to "share" something between the request of siteA and
the
> application itself.
> I tried to share the JSESSIONID but it was not working; after
> investigation I found that JSESSIONID is not useful for my purpose.
>
> I hope to have explained clearly my issue,
> thanks for any help
>
>
>
> From: "Emanuele Gesuato" <Emanuele.Gesuato(a)finantix.com>
> To: keycloak-user(a)lists.jboss.org
> Date: 05/04/2018 15:58
> Subject: Re: [keycloak-user] SSO in web and desktop application
> Sent by: keycloak-user-bounces(a)lists.jboss.org
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."
- Samuel Beckett
12:04 p.m.
Emanuele Gesuato Look like some issue with your email client/server.
On Fri, Apr 6, 2018 at 3:21 PM, Emanuele Gesuato <
Emanuele.Gesuato(a)finantix.com> wrote:
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Subodh Chandra Joshi
subodh1_joshi82(a)yahoo.co.in
http://www.trendsinnews.com
12:38 p.m.
sorry for my email issue
*****************
Hi there,
client-server app is a browser application where we are using the
keycloak-saml tomcat7 adapter.
Your link refers to a java servlet application that doesn’t have an
adapter for that servlet platform.
Am I missing something in your answer ?
thanks,
Emanuele Gesuato
Software specialist
Mobile: +39 335 757 3556 | Email: emanuele.gesuato(a)finantix.com | skype:
emanuelegesuato_work
CONFIDENTIALITY NOTICE - The information contained in this communication
is intended solely for the use of the individual or entity to whom it is
addressed and others authorized to receive it. It may contain confidential
or legally privileged information. If you are not the intended recipient
you are hereby notified that any disclosure, copying, distribution or
taking any action in reliance on the contents of this information is
strictly prohibited and may be unlawful. If you have received this
communication in error, please notify us immediately by responding to this
email and then delete it from your system. Finantix is neither liable for
the proper and complete transmission of the information contained in this
communication nor for any delay in its receipt.
From: Subodh Joshi <subodhcjoshi82(a)gmail.com>
To: Emanuele Gesuato <Emanuele.Gesuato(a)finantix.com>
Cc: keycloak-user <keycloak-user(a)lists.jboss.org>
Date: 06/04/2018 12:11
Subject: Re: [keycloak-user] SSO in web and desktop application
Sent by: keycloak-user-bounces(a)lists.jboss.org
Emanuele Gesuato Look like some issue with your email client/server.
On Fri, Apr 6, 2018 at 3:21 PM, Emanuele Gesuato <
Emanuele.Gesuato(a)finantix.com> wrote:
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Subodh Chandra Joshi
subodh1_joshi82(a)yahoo.co.in
http://www.trendsinnews.com
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
2234
days inactive
2235
days old
8 comments
3 participants
participants (3)
-
Emanuele Gesuato -
Luis Rodríguez Fernández -
Subodh Joshi