Hi Subodh,
it is what I thought but it looks like rest api are available only for
open-id not for saml protocol.
To retrieve access-token I need to enable access-type as "public" or
"confidential" but it is an option available only for open-id clients.
When I try to run
curl -d "client_id=admin_client" -d "username=admin" -d
"password=password" -d "grant_type=password" "
http://<host>:<port>/auth/realms/master/protocol/openid-connect/token"
I got error ( "admin_client" is a saml client):
{"error":"unauthorized_client","error_description":"Client
secret not
provided in request"}
but:
1. access type can be changed as "public" or "confidential" only for
openId clients.
2. client secret cannot be generated for saml clients.
Am I missing something ?
many thanks for any help,
Emanuele
From: Subodh Joshi <subodhcjoshi82(a)gmail.com>
To: Emanuele Gesuato <Emanuele.Gesuato(a)finantix.com>
Cc: keycloak-user <keycloak-user(a)lists.jboss.org>
Date: 05/04/2018 17:35
Subject: Re: [keycloak-user] SSO in web and desktop application
Sent by: keycloak-user-bounces(a)lists.jboss.org
I don't know if I can understand it clearly but is this not possible
through keycloak rest-api ?
On Thu, 5 Apr 2018, 19:38 Emanuele Gesuato,
<Emanuele.Gesuato(a)finantix.com>
wrote:
Sorry for previous messages, not sure what happened
******
Hi everyone,
we are using the tomcat 7 adapter of keycloak 3.4.3 (SAML). We managed
also to install the server side part and to integrate the keycloak with
an
our web application. Now when user access to siteA he is correctly
redirected to keycloak login page and after login he is redirected to
the
application itself. It is working fine.
Problem is the following. We are not trying to integrate SSO in the
following way:
1. User opens browser and goes to our siteA
2. User correctly logins
3. In user desktop there is an our client-server application developed
in
java and our goal is to have the user logged in automatically because
we
are sharing same set of users. Moreover, siteA and the server side
application are different clients in the same realm.
The client-server application is basically a webapplication, where the
client part is a "custom" browser that restricts the user to do only
some
operations. The browser widget is a custom one but we can change if
required.
Is it possible to do such thing ? How ?
I think we need to "share" something between the request of siteA and
the
application itself.
I tried to share the JSESSIONID but it was not working; after
investigation I found that JSESSIONID is not useful for my purpose.
I hope to have explained clearly my issue,
thanks for any help
From: "Emanuele Gesuato" <Emanuele.Gesuato(a)finantix.com>
To: keycloak-user(a)lists.jboss.org
Date: 05/04/2018 15:58
Subject: Re: [keycloak-user] SSO in web and desktop application
Sent by: keycloak-user-bounces(a)lists.jboss.org
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user