[keycloak-user] IDP SAMLV2.0 with Salesforce

Henk Laracker Henk.Laracker at planonsoftware.com
Thu Apr 30 09:25:08 EDT 2015


Hi Bill,

I don't know why I missed that, thanks! Salesforce responds now with the
correct login page. After logging in to Salesforce, I'm redirected to
Keycloak again with an internal error:

Caused by: org.keycloak.broker.provider.IdentityBrokerException: Could not process response from SAML identity provider.
	at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpoint.java:299)
	at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleSamlResponse(SAMLEndpoint.java:343)
	at org.keycloak.broker.saml.SAMLEndpoint$Binding.execute(SAMLEndpoint.java:169)
	at org.keycloak.broker.saml.SAMLEndpoint.postBinding(SAMLEndpoint.java:117)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_45]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_45]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_45]
	at java.lang.reflect.Method.invoke(Method.java:497) [rt.jar:1.8.0_45]
	at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137) [resteasy-jaxrs-3.0.10.Final.jar:]
	at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296) [resteasy-jaxrs-3.0.10.Final.jar:]
	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:250) [resteasy-jaxrs-3.0.10.Final.jar:]
	at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:140) [resteasy-jaxrs-3.0.10.Final.jar:]
	at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:109) [resteasy-jaxrs-3.0.10.Final.jar:]
	at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:135) [resteasy-jaxrs-3.0.10.Final.jar:]
	at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:103) [resteasy-jaxrs-3.0.10.Final.jar:]
	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356) [resteasy-jaxrs-3.0.10.Final.jar:]
	... 39 more
Caused by: org.keycloak.broker.provider.IdentityBrokerException: No assertion from response.
	at org.keycloak.broker.saml.SAMLEndpoint$Binding.getAssertion(SAMLEndpoint.java:309)
	at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpoint.java:264)
	... 54 more

Any idea? 

Henk




On 30/04/15 14:31, "Bill Burke" <bburke at redhat.com> wrote:

>You want to chain keycloak server to Salesforce?
>
>If you create a SAMLv2 IdentityProvider in keycloak that points to
>Salesforce, you'll see after you create it, an Export button.  Click
>that.  That will create an entity descriptor with all the information
>you need.
>
>On 4/30/2015 2:45 AM, Henk Laracker wrote:
>> Hi,
>>
>> I like to use Salesforce as Identity Provider, the metadata provided by
>> salesforce can be imported.
>> But I need to specify the Service Provider in salesforce, I have to fill
>> in a couple of fields, but two of them I don't understand (and are
>> mandatory). Does someone have any clue?
>>
>>  1. entity id , remark of Salesforce : get this value from your
>>     serviceprovider
>>  2. ACS URL, remark of Salesforce : The assertion consumer service. Get
>>     this value from your service provider.
>>
>> I have tried a lot of values but every time I click the saml button on
>> my app, it redirects to salesforce but I get a page with the error :
>> Error: Unable to resolve request into a Service Provider
>>
>> Henk
>>
>>
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
>
>-- 
>Bill Burke
>JBoss, a division of Red Hat
>http://bill.burkecentral.com
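
An added example, not part of this thread and not Keycloak's own code: one way to look into a "No assertion from response" failure is to decode the `SAMLResponse` form field that the identity provider posted to the ACS URL and check its status code and whether it carries a plain or an encrypted assertion. The function names and the sample responses are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"


def inspect_saml_response(form_value):
    """Summarise the SAMLResponse form field of an HTTP-POST binding request.

    Inspection only: nothing here validates signatures or conditions.
    """
    # POST binding is plain base64 of the XML (no DEFLATE, unlike Redirect).
    xml_bytes = base64.b64decode(form_value)
    # SAML messages never need a DTD; refuse one rather than expand entities.
    if b"<!DOCTYPE" in xml_bytes:
        raise ValueError("DOCTYPE not allowed in a SAML message")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response: " + root.tag)
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    status = code.get("Value") if code is not None else None
    sub = code.find("samlp:StatusCode", NS) if code is not None else None
    plain = len(root.findall("saml:Assertion", NS))
    encrypted = len(root.findall("saml:EncryptedAssertion", NS))
    if status != SUCCESS:
        verdict = "IdP reported a failure status; no assertion to expect"
    elif plain:
        verdict = "plain assertion present"
    elif encrypted:
        verdict = "only an EncryptedAssertion; the SP must decrypt it"
    else:
        verdict = "Success status but no assertion element"
    return {"status": status,
            "sub_status": sub.get("Value") if sub is not None else None,
            "assertions": plain, "encrypted_assertions": encrypted,
            "verdict": verdict}


def constructed_response(status_xml, body=""):
    """Build a constructed (not captured) base64 Response for the demo."""
    xml = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" Version="2.0">'
           '<samlp:Status>%s</samlp:Status>%s</samlp:Response>'
           % (NS["samlp"], NS["saml"], status_xml, body))
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    ok = '<samlp:StatusCode Value="%s"/>' % SUCCESS
    print(inspect_saml_response(constructed_response(ok, "<saml:EncryptedAssertion/>")))
```

The base64 value to feed in is the `SAMLResponse` field visible in the browser's network trace of the POST back to the broker endpoint.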