I have plugged keycloak-saml-eap6-adapter-dist-2.5.5.Final into JBoss eap-6.4.1 following
these instructions:
http://www.keycloak.org/docs/2.5/securing_apps/topics/saml/java/saml-jbos...
I am using Keycloak 2.5.5 as well. I have my client set up to use POST binding, and was
getting into a loop of the client trying to log in over and over.
I narrowed it down to the CatalinaSamlAuthenticator which overrides createBrowserHandler()
to set up a BrowserHandler, as opposed to the WebBrowserSsoAuthenticationHandler the
parent class sets up.
This BrowserHandler overrides handle() in a way that does not read the samlResponse from
the façade. This leads to initiateLogin() in the parent class getting called over and
over.
If I comment out createBrowserHandler() in CatalinaSamlAuthenticator, I get the
WebBrowserSsoAuthenticationHandler implementation, which has a version of handle() that
works.
Am I misconfigured somehow? Or is this a bug?
Thanks,
MJ