[keycloak-user] IDP SAMLV2.0 with Salesforce

Henk Laracker Henk.Laracker at planonsoftware.com
Thu Apr 30 14:51:31 EDT 2015


Hi Bill,

Thank you, this worked out! A user is created with my name
saml.henk.laracker at p***n.nl. Do you have any idea why the “saml” prefix
is added?


Henk

On 30/04/15 18:44, "Bill Burke" <bburke at redhat.com> wrote:

>Ok, I was able to get this to work.  The problem was I had to set a
>"profile" for the connected app on Salesforce.  I added a "System
>Administrator" profile to the Connected App and it worked.
>
>I'm not sure how to upload an app certificate yet.  Not sure what format
>Salesforce is looking for.
>
>On 4/30/2015 11:39 AM, Bill Burke wrote:
>> I set up a Salesforce example and looked at the login response SAML
>> document.  Looks like no assertion data is being sent back at all by
>> Salesforce.
>>
>> On 4/30/2015 9:43 AM, Bill Burke wrote:
>>> I have no idea.  Basically this error is stating that the login
>>> response SAML document has no assertions within it.  If there are no
>>> assertions, then there has been no identity data sent.
>>>
>>> I'm looking now, but can you send me a link on how to set up Salesforce
>>> as an IDP?  Is one able to set up a free account and such?
>>>
>>> On 4/30/2015 9:25 AM, Henk Laracker wrote:
>>>> Hi Bill,
>>>>
>>>> I don't know why I missed that, thanks! Salesforce responds now with
>>>> the correct login page. After logging in in Salesforce, I'm redirected
>>>> to Keycloak again with an internal error:
>>>>
>>>> Caused by: org.keycloak.broker.provider.IdentityBrokerException: Could not process response from SAML identity provider.
>>>> 	at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpoint.java:299)
>>>> 	at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleSamlResponse(SAMLEndpoint.java:343)
>>>> 	at org.keycloak.broker.saml.SAMLEndpoint$Binding.execute(SAMLEndpoint.java:169)
>>>> 	at org.keycloak.broker.saml.SAMLEndpoint.postBinding(SAMLEndpoint.java:117)
>>>> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_45]
>>>> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_45]
>>>> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_45]
>>>> 	at java.lang.reflect.Method.invoke(Method.java:497) [rt.jar:1.8.0_45]
>>>> 	at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>> 	at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>> 	at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:250) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>> 	at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:140) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>> 	at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:109) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>> 	at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:135) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>> 	at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:103) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>> 	at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356) [resteasy-jaxrs-3.0.10.Final.jar:]
>>>> 	... 39 more
>>>> Caused by: org.keycloak.broker.provider.IdentityBrokerException: No assertion from response.
>>>> 	at org.keycloak.broker.saml.SAMLEndpoint$Binding.getAssertion(SAMLEndpoint.java:309)
>>>> 	at org.keycloak.broker.saml.SAMLEndpoint$Binding.handleLoginResponse(SAMLEndpoint.java:264)
>>>> 	... 54 more
>>>>
>>>> Any idea?
>>>>
>>>> Henk
>>>>
>>>>
>>>>
>>>>
>>>> On 30/04/15 14:31, "Bill Burke" <bburke at redhat.com> wrote:
>>>>
>>>>> You want to chain keycloak server to Salesforce?
>>>>>
>>>>> If you create a SAMLv2 IdentityProvider in keycloak that points to
>>>>> Salesforce, you'll see after you create it, an Export button.  Click
>>>>> that.  That will create an entity descriptor with all the information
>>>>> you need.
>>>>>
>>>>> On 4/30/2015 2:45 AM, Henk Laracker wrote:
>>>>>> Hi,
>>>>>>
>>>>>> I would like to use Salesforce as Identity Provider; the metadata
>>>>>> provided by Salesforce can be imported.
>>>>>> But I need to specify the Service Provider in Salesforce. I have to
>>>>>> fill in a couple of fields, but two of them I don't understand (and
>>>>>> they are mandatory). Does someone have any clue?
>>>>>>
>>>>>>     1. entity id, remark of Salesforce: get this value from your
>>>>>>        service provider
>>>>>>     2. ACS URL, remark of Salesforce: The assertion consumer
>>>>>>        service. Get this value from your service provider.
>>>>>>
>>>>>> I have tried a lot of values but every time I click the SAML button
>>>>>> on my app, it redirects to Salesforce but I get a page with the error:
>>>>>> Error: Unable to resolve request into a Service Provider
>>>>>>
>>>>>> Henk
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> keycloak-user mailing list
>>>>>> keycloak-user at lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>
>>>>>
>>>>> --
>>>>> Bill Burke
>>>>> JBoss, a division of Red Hat
>>>>> http://bill.burkecentral.com
>>>>
>>>
>>
>
>-- 
>Bill Burke
>JBoss, a division of Red Hat
>http://bill.burkecentral.com
>_______________________________________________
>keycloak-user mailing list
>keycloak-user at lists.jboss.org
>https://lists.jboss.org/mailman/listinfo/keycloak-user
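The two fields Salesforce asks for (entity id and ACS URL) are exactly what the exported SP entity descriptor carries, and the "No assertion from response" error is the broker finding no <saml:Assertion> inside a Response whose status is otherwise Success. As an added example, not code from this thread or from Keycloak, the Python below reads both values out of a constructed descriptor and classifies a constructed Response the way a broker would before trusting it; the hostnames and the broker endpoint path are assumptions.

```python
"""Added example (not from the thread or Keycloak): extract the SP entityID and
HTTP-POST ACS URL from an entity descriptor, and classify a SAML Response by
status and assertion presence (the condition behind "No assertion from response")."""
import xml.etree.ElementTree as ET  # for untrusted XML in production, prefer defusedxml

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"


def sp_values(metadata_xml: str) -> dict:
    """Return the entityID and the Location of the HTTP-POST AssertionConsumerService."""
    root = ET.fromstring(metadata_xml)
    acs = [e.get("Location")
           for e in root.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)
           if e.get("Binding") == POST_BINDING]
    return {"entity_id": root.get("entityID"), "acs_url": acs[0] if acs else None}


def diagnose_response(response_xml: str) -> str:
    """Classify a Response: IdP error, plain assertion, encrypted assertion, or none at all."""
    root = ET.fromstring(response_xml)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    code = status.get("Value", "").rsplit(":", 1)[-1] if status is not None else "missing"
    if code != "Success":
        return f"idp-error:{code}"        # the IdP refused; nothing to map to a user
    if root.find("saml:Assertion", NS) is not None:
        return "assertion"                # still needs signature/audience/time checks
    if root.find("saml:EncryptedAssertion", NS) is not None:
        return "encrypted-assertion"      # broker must hold the decryption key
    return "no-assertion"                 # Success status but no identity data


# Constructed sample inputs; hostnames and the broker path are hypothetical.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://keycloak.example.com/auth/realms/demo">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://keycloak.example.com/auth/realms/demo/broker/salesforce/endpoint" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

EMPTY_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_r1" Version="2.0">
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
</samlp:Response>"""

if __name__ == "__main__":
    print(sp_values(SP_METADATA))
    print(diagnose_response(EMPTY_RESPONSE))
```

A Response that classifies as "no-assertion" despite Success is the IdP-side misconfiguration seen in this thread, not something the broker can repair by retrying.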
