[keycloak-dev] Issue with BrowserHandler using the saml2 adapter in wildfly 10
Hynek Mlnarik
hmlnarik at redhat.com
Fri Oct 27 03:34:27 EDT 2017
What URL have you set for the client saml endpoint in configuration at the
identity provider site? The url needs to end in "/saml" without quotes
On Fri, Oct 27, 2017 at 8:47 AM, Daniel Schmidt <list-keycloak at ad-schmidt.de
> wrote:
> Hi everybody,
>
> I just started to use the SAML2-authentication-adapter of Keycloak in
> Wildfly 10. I use it according to this documentation:
> http://www.keycloak.org/docs/3.0/securing_apps/topics/saml/
> java/jboss-adapter/securing_wars.html
>
> As it did not work, I debugged into the adapter code and narrowed the
> problem down to
> org.keycloak.adapters.saml.undertow.UndertowSamlAuthenticator.
> createBrowserHandler(HttpFacade,
> SamlDeployment, SamlSessionStore) where a
> org.keycloak.adapters.saml.profile.webbrowsersso.BrowserHandler is
> instantiated.
>
> This BrowserHandler always passes null as samlRequest, samlResponse and
> relayState. When I create a
> org.keycloak.adapters.saml.profile.webbrowsersso.
> WebBrowserSsoAuthenticationHandler
> instead, the code works as expected.
>
> Is this a bug in the BrowserHandler or am I missing some important
> configuration option?
>
> --
>
> Another question on this topic:
> The configuration with <secure-deployment >...</secure-deployment>
> bypasses any existing <login-module> as far as I can see. Is this the case?
>
> Is there any possibility to configure a custom login-module that could
> authenticate a user before using the Keycloak authentication mechanism?
> I would like to use the Keycloak authentication as a fallback only.
>
>
> Thanks in advance,
>
> Daniel Schmidt
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
--
--Hynek
More information about the keycloak-dev
mailing list