is
the login screen for your SAML identity provider, it's correct that it should
redirect back to
broker/pingfederate_saml/endpoint. At that point Keycloak should
authenticate the user and redirect to your client.
Is your browser stuck on
.
com:8180/auth/realms/Algomi/broker/pingfederate_saml/endpoint? What is it
displaying? Are there any errors in the log? Is login working with
username/password directly in Keycloak?
On 12 September 2016 at 19:31, Sarah Phillips <sphillips(a)jefferies.com>
wrote:
I have a Keycloak 1.9.8 install that I am trying to reconfigure.
I have a client that tries to authenticate requests to
https://lvpalgomi1d.ln.jefco.com:8443/synchronicity/*
I have a SAML 2.0 identity provider configured against PingFederate. The
redirect URI is
http://lvpalgomi1d.ln.jefco.com:8180/auth/realms/Algomi/broker/pingfederate_saml/endpoint
When I enter
https://lvpalgomi1d.ln.jefco.com:8443/synchronicity/login.jsp
into a web browser I end up at
http://lvpalgomi1d.ln.jefco.com:8180/auth/realms/Algomi/broker/pingfederate_saml/endpoint
which is not what I intend – I would like to be validated and then redirected
back to the original location.
Is there another step to redirect the browser back to the original URL?
I am picking up this task from a colleague who moved on. I have tried
reading the server-administration-guide but it does not seem to be helping
with this problem.
How do I diagnose the issue? What settings do I need to check?
There are also a couple of LDAP providers set up under User Federation. I
don’t know whether they are needed – I think they were previously used to
authenticate against LDAP but the users are looking for silent/pass-through
authentication.
Actually, while I’m here, will SAML 2.0 even support Integrated Windows
Authentication that I am supposed to be implementing, or must I use
Kerberos to achieve that?
Many thanks,
Sarah
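One way to act on the questions in the reply above, as an added example that is not part of the thread or of Keycloak: given the URLs a browser visited during login (copied from its network log), report which hop of the brokered SAML login it stopped at. The client and Keycloak origins and the broker endpoint path are taken from the thread; the IdP URL and the `/protocol/saml` entry in the sample chain are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Origins and broker path come from the thread.
CLIENT_ORIGIN = "https://lvpalgomi1d.ln.jefco.com:8443"
KEYCLOAK_ORIGIN = "http://lvpalgomi1d.ln.jefco.com:8180"
BROKER_PATH = re.compile(r"^/auth/realms/([^/]+)/broker/([^/]+)/endpoint/?$")

# Constructed sample: the chain the original poster describes, ending on the
# broker endpoint. The IdP URL and the Keycloak protocol path are placeholders.
SAMPLE_CHAIN = [
    CLIENT_ORIGIN + "/synchronicity/login.jsp",
    KEYCLOAK_ORIGIN + "/auth/realms/Algomi/protocol/saml",
    "https://idp.example.com/idp/SSO.saml2",
    KEYCLOAK_ORIGIN + "/auth/realms/Algomi/broker/pingfederate_saml/endpoint",
]

HINTS = {
    "client": "Browser never left the client application.",
    "keycloak": "Stopped in Keycloak before reaching the identity provider.",
    "idp": "Still at the identity provider; no redirect back to the broker endpoint yet.",
    "broker_endpoint": "IdP redirected back but Keycloak did not continue to the "
                       "client: note what the page displays and read the Keycloak log.",
    "complete": "Round trip finished: IdP -> broker endpoint -> client.",
}

def classify(url):
    """Map one URL from the redirect chain to a hop in the brokered login."""
    parts = urlsplit(url)
    origin = f"{parts.scheme}://{parts.netloc}".lower()
    if origin == CLIENT_ORIGIN:
        return "client"
    if origin == KEYCLOAK_ORIGIN:
        return "broker_endpoint" if BROKER_PATH.match(parts.path) else "keycloak"
    return "idp"  # anything outside the two known origins is treated as the IdP

def stalled_at(chain):
    """Return (stage, hint) for the last URL of a recorded redirect chain."""
    if not chain:
        raise ValueError("empty redirect chain")
    hops = [classify(u) for u in chain]
    stage = hops[-1]
    # Ending on the client only counts as success if the broker endpoint was hit.
    if stage == "client" and "broker_endpoint" in hops:
        stage = "complete"
    return stage, HINTS[stage]

if __name__ == "__main__":
    print(stalled_at(SAMPLE_CHAIN))
```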