[keycloak-dev] IDP initiated flow redirect not working

Priyadarshini Chandra priyadarshini.chandra at gmail.com
Wed Jan 30 16:59:45 EST 2019


I am trying to implement the workflow below for SAML auth using Keycloak:

1. User is logged in to an external website.
2. User clicks on the link for the Service Provider, which redirects the user to
Keycloak for SAML authentication. It is an HTTP POST request with
SAMLResponse and RelayState.
3. Keycloak should validate the SAML token, create a session, etc., and redirect
the user to the Service Provider application.

I have tried the IDP-initiated login flow and client creation steps.
1. Created one IDP - idp1
2. Created a client - client1, master SAML points to the idp1 endpoint.
3. Sending the HTTP request with
SAMLResponse:"../broker/idp1/endpoint/clients/client1"
RelayState: Service Provider application page.
We are stuck at the point where we get the error "You are already
authenticated as different user 'testuser' in this session. Please logout
first."
It looks like the session and user are getting created.
What should be the correct flow?
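
Added example, not part of the original post and not Keycloak's own code: a Python helper that decodes the SAMLResponse/RelayState POST described above and reports the fields worth comparing when debugging this flow (Destination, whether the response is unsolicited, and the asserted NameID against the user already in the session). The sample message, hosts, realm name and the `otheruser` subject are constructed, the function names are hypothetical, and comparing NameID directly to the session username is an assumption, since identity provider mappers may change that mapping.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample message; hosts, realm, IDs and subject are made up.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0" '
    'IssueInstant="2019-01-30T21:59:45Z" Destination="https://keycloak.example.test'
    '/auth/realms/demo/broker/idp1/endpoint/clients/client1">'
    '<saml:Issuer>https://idp.example.test</saml:Issuer>'
    '<saml:Assertion ID="_a1" Version="2.0" IssueInstant="2019-01-30T21:59:45Z">'
    '<saml:Issuer>https://idp.example.test</saml:Issuer>'
    '<saml:Subject><saml:NameID>otheruser</saml:NameID></saml:Subject>'
    '</saml:Assertion></samlp:Response>')

def build_sample_post(relay_state="https://sp.example.test/home"):
    """Form body as a browser would send it with the HTTP-POST binding."""
    encoded = base64.b64encode(SAMPLE_XML.encode()).decode()
    return urlencode({"SAMLResponse": encoded, "RelayState": relay_state})

def inspect_saml_post(form_body):
    """Decode the POST body and return the routing-relevant fields.
    Inspection of your own test traffic only: no signature or Conditions
    validation is done here."""
    form = parse_qs(form_body)
    root = ET.fromstring(base64.b64decode(form["SAMLResponse"][0]))
    name_id = root.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    return {
        "relay_state": form.get("RelayState", [None])[0],
        "destination": root.get("Destination"),
        "unsolicited": root.get("InResponseTo") is None,  # IdP-initiated
        "name_id": None if name_id is None else name_id.text,
    }

def diagnose(info, endpoint_suffix, session_user):
    """Return findings for the endpoint check and the subject check."""
    findings = []
    if not (info["destination"] or "").endswith(endpoint_suffix):
        findings.append("Destination does not target the expected broker endpoint")
    if session_user and info["name_id"] != session_user:
        findings.append(f"subject {info['name_id']!r} differs from session user {session_user!r}")
    return findings

if __name__ == "__main__":
    info = inspect_saml_post(build_sample_post())
    print(info)
    print(diagnose(info, "/broker/idp1/endpoint/clients/client1", "testuser"))
```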

