[re-adding list]
On 04/19/2017 02:47 PM, Metehan Selvi wrote:
> Hi,
> in fact it is the second option:
> Keycloak as IdP for sales-post-enc SP (both on the same WildFly/Keycloak instance) with
> OpenAM as brokered IdP:
> - I deployed sales-post-enc with the mvn clean package wildfly:deploy option,
> - I entered the admin console and inside the saml-demo realm, I imported the OpenAM
> IDPSSODescriptor
> - On the tab Export (from the menu Identity Providers) I took the SPSSODescriptor section
> under the Download button and imported Keycloak as a remote SP on the OpenAM login site.
> What I found strange is that there is no KeyDescriptor for encryption, only for signing.
> (Also there is no KeyDescriptor for encryption in the SPSSODescriptor for clients when
> Encrypt Assertions is enabled and there are EncryptionKey and SigningKey available)
Please file an issue in Keycloak JIRA.
> The 500 HTTP error occurs on the OpenAM side when encryption is enabled
> on the IdP and before the SAML Response is generated.
> If encryption is disabled on OpenAM, the SAML Responses are generated correctly without
> errors.
500 is not thrown in Keycloak and the SAML response [to be generated by OpenAM] does not
get to Keycloak either. Hence I believe OpenAM support is the correct target audience.
Please share further details (e.g. the exception) if you find out that the issue is
specific to Keycloak communication with OpenAM.
Thanks
--Hynek
> Cheers
> On Wed, Apr 19, 2017 at 9:17 AM, Hynek Mlnarik <hmlnarik(a)redhat.com> wrote:
> On Tue, Apr 18, 2017 at 3:04 PM, Metehan Selvi <mselvi78(a)gmail.com> wrote:
>> Hi there,
>> I configured OpenAM as IDP and Keycloak as SP together.
>> I use the sales-post-enc example app.
> Do you mean using Keycloak adapters as SP and OpenAM as IdP, or OpenAM
> as brokered IdP while using Keycloak as IdP for sales-post-enc SP?
>> SAML AuthnRequests and SAML Responses are working.
>> (Encryption disabled)
>>
>> When I enable encryption in OpenAM and in the app, the SAML Responses
>> cannot be encrypted in OpenAM as it throws exceptions with HTTP 500
>> responses.
> Is it OpenAM or Keycloak returning HTTP 500 error? If Keycloak, can
> you share details of the exception?
>> How do I get out from the problem?
>>
>> When I want to export the SPSSODescriptor from Keycloak for the OpenAM IDP,
>> it contains only the KeyDescriptor for signing. Normally it should also be
>> possible to export the KeyDescriptor for encryption. Is this maybe the
>> failure?
>>
>> Other ideas to get rid of the problem..?!
>>
>> Cheers
>> Metehan Selvi
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
--
--Hynek
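Added example, not part of the thread and not Keycloak or OpenAM code: before importing an SP's metadata into an IdP that will encrypt assertions, it is worth checking that the SPSSODescriptor actually carries a KeyDescriptor the IdP can use for encryption (use="encryption", or a KeyDescriptor with no use attribute, which the SAML metadata spec treats as valid for both purposes). The script below parses an SP metadata document, reports which key usages are present, and shows how to add an encryption KeyDescriptor by hand from the SP's encryption certificate when the exported metadata lacks one. The entity ID, endpoint URL and certificate text in the sample metadata are constructed placeholders, and the assumption that the IdP needs the SP's encryption certificate from this metadata (rather than from out-of-band configuration) is the example's own.

```python
"""Check a SAML 2.0 SP metadata document for the KeyDescriptors an
encrypting IdP needs, and add a missing encryption KeyDescriptor.
Added example; not Keycloak or OpenAM code."""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample SP metadata: advertises only a signing key, which is the
# shape described in the thread. Entity ID, URL and certificate are placeholders.
SIGNING_ONLY_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.test/sales-post-enc/">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>MIIC...signing-cert-placeholder...</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/sales-post-enc/saml" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def key_usages(metadata_xml: str) -> dict:
    """Count KeyDescriptors (with a certificate) usable for signing / encryption."""
    root = ET.fromstring(metadata_xml)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor in metadata")
    usages = {"signing": 0, "encryption": 0}
    for kd in sp.findall("md:KeyDescriptor", NS):
        use = kd.get("use")
        # No 'use' attribute means the key may be used for both purposes.
        targets = ["signing", "encryption"] if use is None else [use]
        has_cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS) is not None
        for t in targets:
            if t in usages and has_cert:
                usages[t] += 1
    return usages


def check_sp_metadata(metadata_xml: str) -> list:
    """Return human-readable problems an encrypting IdP would hit with this SP."""
    usages = key_usages(metadata_xml)
    problems = []
    if usages["signing"] == 0:
        problems.append("no signing KeyDescriptor: IdP cannot verify signed AuthnRequests")
    if usages["encryption"] == 0:
        problems.append("no encryption KeyDescriptor: IdP has no key to encrypt assertions for this SP")
    return problems


def add_encryption_key_descriptor(metadata_xml: str, cert_b64: str) -> str:
    """Insert <md:KeyDescriptor use="encryption"> carrying cert_b64 after the
    existing KeyDescriptors (schema order puts KeyDescriptor before endpoints)."""
    for prefix, uri in NS.items():
        ET.register_namespace(prefix, uri)  # keep md:/ds: prefixes on output
    root = ET.fromstring(metadata_xml)
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        raise ValueError("no SPSSODescriptor in metadata")
    kd_tag = "{%s}KeyDescriptor" % NS["md"]
    kd = ET.Element(kd_tag, {"use": "encryption"})
    ki = ET.SubElement(kd, "{%s}KeyInfo" % NS["ds"])
    xd = ET.SubElement(ki, "{%s}X509Data" % NS["ds"])
    ET.SubElement(xd, "{%s}X509Certificate" % NS["ds"]).text = cert_b64
    last = max((i for i, c in enumerate(list(sp)) if c.tag == kd_tag), default=-1)
    sp.insert(last + 1, kd)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("before:", check_sp_metadata(SIGNING_ONLY_METADATA))
    fixed = add_encryption_key_descriptor(SIGNING_ONLY_METADATA, "MIIC...enc-cert-placeholder...")
    print("after: ", check_sp_metadata(fixed))
```

Run it against the SPSSODescriptor downloaded from the IdP's Export tab; if the only finding is the missing encryption KeyDescriptor, the metadata can be patched with the SP's encryption certificate before it is imported into the remote IdP, which separates a metadata-export gap from a genuine failure in the IdP's encryption step.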