[keycloak-user] Problem Saml IdP
Sjef Hoeks
s.hoeks at gouwit.nl
Wed Jun 15 11:32:50 EDT 2016
Hi,
I'm trying to integrate Keycloak with a SAML SP, but unfortunately it is not working yet. I created an Identity Provider in the admin interface.
I guess the problem is that the AuthnRequest, which is sent by an HTTP POST to the SP, contains a NameIDPolicy:
    <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        ....
        <samlp:NameIDPolicy AllowCreate="true"
            Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
        />
    </samlp:AuthnRequest>
But according to the documentation of the SP I must send
    <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        ....
        <samlp:RequestedAuthnContext Comparison="minimum">
            <saml:AuthnContextClassRef>
                urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
            </saml:AuthnContextClassRef>
        </samlp:RequestedAuthnContext>
    </samlp:AuthnRequest>
Is this possible with Keycloak? And if so, how can this be done?
Kind regards,
Sjef Hoeks
Sjef Hoeks
Technical Architect
Gouw Informatie Technologie bv
Hogeweg 5, 5301 LB Zaltbommel
Postbus 98, 5300 AB Zaltbommel
T 0418 511 522
E s.hoeks at gouwit.nl
I www.gouwit.nl
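
To confirm which of the two elements an AuthnRequest actually carries, the base64 `SAMLRequest` form field captured from the browser can be decoded and inspected. The following is an added example, not part of the original post and not Keycloak code; the function names and both sample messages are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def inspect_authn_request(saml_request_b64):
    """Decode a SAMLRequest form value from the HTTP-POST binding (plain
    base64, no DEFLATE) and report its NameIDPolicy / RequestedAuthnContext."""
    root = ET.fromstring(base64.b64decode(saml_request_b64))
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        raise ValueError("not a samlp:AuthnRequest: " + root.tag)
    report = {"name_id_policy": None, "requested_authn_context": None}
    policy = root.find("samlp:NameIDPolicy", NS)
    if policy is not None:
        report["name_id_policy"] = {"Format": policy.get("Format"),
                                    "AllowCreate": policy.get("AllowCreate")}
    rac = root.find("samlp:RequestedAuthnContext", NS)
    if rac is not None:
        refs = rac.findall("saml:AuthnContextClassRef", NS)
        report["requested_authn_context"] = {
            # SAML core: Comparison defaults to "exact" when omitted.
            "Comparison": rac.get("Comparison", "exact"),
            # The URI is often wrapped onto its own line; strip whitespace.
            "ClassRefs": [(r.text or "").strip() for r in refs],
        }
    return report

def encode(xml):
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")

# Constructed sample messages mirroring the two shapes in the post.
HEAD = ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" '
        'ID="_constructed" Version="2.0" IssueInstant="2016-06-15T00:00:00Z">'
        % (NS["samlp"], NS["saml"]))
SENT = encode(HEAD + '<samlp:NameIDPolicy AllowCreate="true" Format='
              '"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>'
              '</samlp:AuthnRequest>')
WANTED = encode(HEAD + '<samlp:RequestedAuthnContext Comparison="minimum">'
                '<saml:AuthnContextClassRef>\n  urn:oasis:names:tc:SAML:2.0:'
                'ac:classes:PasswordProtectedTransport\n'
                '</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>'
                '</samlp:AuthnRequest>')

if __name__ == "__main__":
    for label, value in (("sent", SENT), ("wanted", WANTED)):
        print(label, inspect_authn_request(value))
```

Run it only on requests captured from your own test login; the Redirect binding additionally DEFLATE-compresses the value, which this example does not handle.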