Dear All May I ask - how to get the user id and other SAML additional attribute which server asserts. Do you have any url for java program to extract these info from client/service provider program Secondly, am running keycloak server in a standalone mode and defined realm - demo with SAML and users/roles etc Now, once i access http://localhost:8280/sample/, it is getting redirect to IDP server ..but it is not challenging for user authentication.. it just says "Invalid redirect uri".. "2015-11-23 17:15:03,998 WARN [org.keycloak.events] (default task-1) type=LOGIN_ERROR, realmId=demo, clientId=null, userId=null, ipAddress=127.0.0.1, error=invalid_redirect_uri" My client application is a localhost application with url http://localhost:8280/sample/* ..so I registerd same on Valid Redirect URIs field. am not sure how to debug it.. I enabled ALL for logger. Kindly advice please attached screen shots for client applicaiton and keycloak-saml.xml - client application is running on tomcat 7 Client Application from keycloak server (Embedded image moved to file: pic32702.jpg) keycloak-saml.xml (See attached file: keycloak-saml.xml)