7:29 p.m.
Hello,
I am trying to integrate keycloak and Salesforce using Salesforce as an identity provider.
It seems some of the information required to properly set up the Salesforce as SAML IdP is
missing in the keycloak's SAML identity provider configuration. For example,
"Entity Id", according to the Salesforce documentation, is "This value
comes from the service provider. Each entity ID in an organization must be unique. If
you’re accessing multiple apps from your service provider, you only need to define the
service provider once, and then use the RelayState parameter to append the URL values to
direct the user to the correct app after signing in."
(https://help.salesforce.com/HTViewHelpDoc?id=service_provider_define.htm&...).
The SAML identity provider configuration in keycloak does not have a setting to specify
"Entity Id". Another missing attribute is "ACS URL" (The ACS, or
assertion consumer service, URL comes from the SAML service provider.). Has anyone been
able to set up Salesforce as IdP and keycloak as SP using keycloak's SAML identity
provider? Is this even possible given that some required parameters are missing?ThxPeter
1:39 p.m.
After a bit of digging through the keycloak archives, I believe I've foundan answer to
my own question. There is indeed a way to set up identitybrokering in keycloak with
Salesforce, although the processis not as straightforward as one would expect. To get the
values for ACS URL and Entity Id one should create a SAML 2.0 external IdP,and then
"Export" the IdP using the "Export" button.
--Peter
Hello,
I am trying to integrate keycloak and Salesforce using
Salesforce >as an identity provider. It seems some of the information required
to >properly set up the Salesforce as SAML IdP is missing in the keycloak's
SAML >identity provider configuration. For example, "Entity Id", according to
the >Salesforce documentation: >"This value comes from the service
provider. >Each entity ID in an organization must be unique. If you’re accessing
multiple >apps from your service provider, you only need to define the service
provider >>once, and then use the RelayState parameter to append the URL
values >to direct the user to the correct app after signing in."
(https://help.salesforce.com/HTViewHelpDoc?>id=service_provider_define....
SAML identity provider configuration in keycloak does not have >a setting to specify
"Entity Id". Another missing attribute is "ACS URL" >(The ACS, or
assertion consumer service, URL comes from the SAML >service provider.).
Has anyone been able to set up Salesforce as IdP and keycloak >as SP using
keycloak's SAML identity provider? Is this even possible >given that some required
parameters are missing?>Thx>Peter
3111
days inactive
3113
days old
1 comments
1 participants
participants (1)
-
Peter Nalyvayko