Hi,
I'm trying to integrate Keycloak with a SAML SP, but unfortunately it is not working
yet. I created an Identity Provider in the admin interface.
I guess the problem is that the AuthnRequest which is sent by an HTTP POST to the SP
contains a NameIDPolicy:
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
....
<samlp:NameIDPolicy AllowCreate="true"
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
/>
</samlp:AuthnRequest>
But according to the documentation of the SP I must send
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
....
<samlp:RequestedAuthnContext Comparison="minimum">
<saml:AuthnContextClassRef>
urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
</saml:AuthnContextClassRef>
</samlp:RequestedAuthnContext>
</samlp:AuthnRequest>
Is this possible with Keycloak? And if so, how can this be done?
Kind regards,
Sjef Hoeks
Technisch Architect
Gouw Informatie Technologie bv
Hogeweg 5, 5301 LB Zaltbommel
Postbus 98, 5300 AB Zaltbommel
T 0418 511 522
E s.hoeks(a)gouwit.nl
I www.gouwit.nl
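As an added example (not part of the original mail or of Keycloak's code), a small Python check of what an AuthnRequest actually asks for, plus a helper that inserts the RequestedAuthnContext element from the SP documentation at the position the SAML 2.0 protocol schema requires. The sample request is constructed here to resemble the one described above; the IDs and issuer are placeholders.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

# Constructed sample resembling the request described in the post (not a real capture).
KEYCLOAK_STYLE_REQUEST = f"""<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
    ID="_placeholder-id" Version="2.0" IssueInstant="2016-01-01T00:00:00Z">
  <saml:Issuer>https://idp.example.invalid/realms/demo</saml:Issuer>
  <samlp:NameIDPolicy AllowCreate="true"
      Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
</samlp:AuthnRequest>"""


def inspect_authn_request(xml_text):
    """Report the NameID format and any AuthnContext constraint the request carries."""
    # A production SP should parse untrusted SAML with defusedxml to resist entity attacks.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a samlp:AuthnRequest")
    policy = root.find(f"{{{SAMLP}}}NameIDPolicy")
    rac = root.find(f"{{{SAMLP}}}RequestedAuthnContext")
    refs = [] if rac is None else [
        (e.text or "").strip() for e in rac.findall(f"{{{SAML}}}AuthnContextClassRef")]
    return {
        "nameid_format": None if policy is None else policy.get("Format"),
        "comparison": None if rac is None else rac.get("Comparison"),
        "class_refs": refs,
    }


def add_requested_authn_context(xml_text, class_refs, comparison="minimum"):
    """Return the request with RequestedAuthnContext inserted in schema order:
    after Issuer/Signature/Extensions/Subject/NameIDPolicy/Conditions, before Scoping."""
    root = ET.fromstring(xml_text)
    rac = ET.Element(f"{{{SAMLP}}}RequestedAuthnContext", Comparison=comparison)
    for ref in class_refs:
        ET.SubElement(rac, f"{{{SAML}}}AuthnContextClassRef").text = ref
    earlier = {f"{{{SAML}}}Issuer", f"{{{DSIG}}}Signature", f"{{{SAMLP}}}Extensions",
               f"{{{SAML}}}Subject", f"{{{SAMLP}}}NameIDPolicy", f"{{{SAML}}}Conditions"}
    pos = len(root)  # default: append, when every existing child precedes it in the schema
    for i, child in enumerate(root):
        if child.tag not in earlier:
            pos = i
            break
    root.insert(pos, rac)
    return ET.tostring(root, encoding="unicode")
```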