2:01 p.m.
Doing my first steps with keycloak I successfully setup a keycloak
(3.4.3.Final) instance and explored the vanilla sample app. Now I want to
try the SAML sample app (app-profile-saml-jee-jsp).
After modifying the web.xml to use KEYCLOAK instead of KEYCLOAK-SAML as the
auth-method (I was getting an error: "Unknown authentication mechanism
KEYCLOAK-SAML") I was able to build and deploy the app to my Wildfly 10.1
instance.
Question: Was it correct to change the auth-method to KEYCLOAK?
If I now access the sample app and click on "Login" (or trying to access
profile.jsp) I get a "Forbidden" error.
AFAICT, I set up keycloak for the sample app as decribed in the
documentation/readme.
Any ideas?
--Heiko
--
Sent from: http://keycloak-user.88327.x6.nabble.com/
2:15 p.m.
On 20/02/18 14:01, tdtappe wrote:
Doing my first steps with keycloak I successfully setup a keycloak
(3.4.3.Final) instance and explored the vanilla sample app. Now I want to
try the SAML sample app (app-profile-saml-jee-jsp).
After modifying the web.xml to use KEYCLOAK instead of KEYCLOAK-SAML as the
auth-method (I was getting an error: "Unknown authentication mechanism
KEYCLOAK-SAML") I was able to build and deploy the app to my Wildfly 10.1
instance.
Question: Was it correct to change the auth-method to KEYCLOAK?
No, it's not
correct AFAIK. Method KEYCLOAK can be used just if you
installed the OpenID Connect keycloak adapter subsystem into your
Wildfly and it's useful just for OpenID Connect clients. SAML clients
need KEYCLOAK-SAML authentication mechanism.
Why you changed that? Is it stated in some documentation or README that
SAML clients are supposed to use KEYCLOAK method? If yes, it's not
correct and we should likely fix it.
Marek
If I now access the sample app and click on "Login" (or trying to access
profile.jsp) I get a "Forbidden" error.
AFAICT, I set up keycloak for the sample app as decribed in the
documentation/readme.
Any ideas?
--Heiko
--
Sent from: http://keycloak-user.88327.x6.nabble.com/
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
3:09 p.m.
New subject: Re-2: SAML quickstart example
No, it's not correct AFAIK. Method KEYCLOAK can be used just if
you
installed the OpenID Connect keycloak adapter subsystem into your
Wildfly and it's useful just for OpenID Connect clients. SAML clients
need KEYCLOAK-SAML authentication mechanism.
Why you changed that? Is it stated in some documentation or README that
SAML clients are supposed to use KEYCLOAK method? If yes, it's not
correct and we should likely fix it.
No. I changed it because of the error I mentioned and I wanted to give it a try after some
research on the internet where I found some stuff with "KEYCLOAK" instead of
"KEYCLOAK-SAML".
But by mentioning my mistake with KEYCLOAK / KEYCLOAK-SAML you helped me to get on the
right track.
I started from scratch and now it works as expected. I think something went wrong when I
tried to install the Wildfly SAML adapter.
Thanks a lot for your help!
--Heiko
Original Message processed by davidĀ®
Re: [keycloak-user] SAML quickstart example 20. Februar 2018, 14:15 Uhr
Von Marek Posolda
An (2) tdtappe|keycloak-user(a)lists.jboss.org
On 20/02/18 14:01, tdtappe wrote:
Doing my first steps with keycloak I successfully setup a keycloak
(3.4.3.Final) instance and explored the vanilla sample app. Now I want to
try the SAML sample app (app-profile-saml-jee-jsp).
After modifying the web.xml to use KEYCLOAK instead of KEYCLOAK-SAML as the
auth-method (I was getting an error: "Unknown authentication mechanism
KEYCLOAK-SAML") I was able to build and deploy the app to my Wildfly 10.1
instance.
Question: Was it correct to change the auth-method to KEYCLOAK?
No, it's not correct AFAIK. Method KEYCLOAK can be used just if you
installed the OpenID Connect keycloak adapter subsystem into your
Wildfly and it's useful just for OpenID Connect clients. SAML clients
need KEYCLOAK-SAML authentication mechanism.
Why you changed that? Is it stated in some documentation or README that
SAML clients are supposed to use KEYCLOAK method? If yes, it's not
correct and we should likely fix it.
Marek
If I now access the sample app and click on "Login" (or trying to access
profile.jsp) I get a "Forbidden" error.
AFAICT, I set up keycloak for the sample app as decribed in the
documentation/readme.
Any ideas?
--Heiko
--
Sent from: http://keycloak-user.88327.x6.nabble.com/
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
To: keycloak-user(a)lists.jboss.org
mposolda(a)redhat.com
2529
days inactive
2529
days old
2 comments
3 participants
participants (3)
-
Marek Posolda -
Tappe, Heiko -
tdtappe