[keycloak-user] Problem Saml IdP

Sjef Hoeks s.hoeks at gouwit.nl
Wed Jun 15 11:32:50 EDT 2016


Hi,

I'm trying to integrate Keycloak with a SAML SP, but unfortunately it is not working yet. I created an Identity Provider in the admin interface.

I guess the problem is that the AuthnRequest, which is sent by an HTTP POST to the SP, contains a NameIDPolicy:


<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"

    ....

    <samlp:NameIDPolicy AllowCreate="true"
                        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
                        />
</samlp:AuthnRequest>




But according to the documentation of the SP I must send



<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"

    ....

    <samlp:RequestedAuthnContext Comparison="minimum">
        <saml:AuthnContextClassRef>
            urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
        </saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>


Is this possible with Keycloak? And if so, how can this be done?

Kind regards,

Sjef Hoeks




Sjef Hoeks
Technisch Architect

Gouw Informatie Technologie bv
Hogeweg 5, 5301 LB Zaltbommel
Postbus 98, 5300 AB Zaltbommel
T 0418 511 522
M
E s.hoeks at gouwit.nl
I www.gouwit.nl
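
Added example, not part of the original message and not Keycloak code: a small check that decodes the SAMLRequest form value of an HTTP-POST binding AuthnRequest and reports whether it carries the RequestedAuthnContext that the SP documentation quoted above asks for. The function names and the sample requests (ID, Version, IssueInstant) are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser such as defusedxml

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

def inspect_authn_request(saml_request_b64):
    """Summarize a SAMLRequest form value from the HTTP-POST binding (base64, not deflated)."""
    root = ET.fromstring(base64.b64decode(saml_request_b64, validate=True))
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        raise ValueError("not a samlp:AuthnRequest: " + root.tag)
    policy = root.find("samlp:NameIDPolicy", NS)
    ctx = root.find("samlp:RequestedAuthnContext", NS)
    # The class reference may be wrapped in whitespace, as in the quoted SP documentation.
    refs = [] if ctx is None else [
        (e.text or "").strip() for e in ctx.findall("saml:AuthnContextClassRef", NS)]
    return {"name_id_format": None if policy is None else policy.get("Format"),
            # Comparison is optional in SAML 2.0 core and defaults to "exact"
            "comparison": None if ctx is None else ctx.get("Comparison", "exact"),
            "class_refs": refs}

def gaps_against_sp(summary, required_ref=PPT, required_comparison="minimum"):
    """List what the SP documentation quoted in the post asks for but the request lacks."""
    if summary["comparison"] is None:
        return ["no RequestedAuthnContext element"]
    gaps = []
    if summary["comparison"] != required_comparison:
        gaps.append("Comparison is %r, expected %r" % (summary["comparison"], required_comparison))
    if required_ref not in summary["class_refs"]:
        gaps.append("AuthnContextClassRef %s not requested" % required_ref)
    return gaps

def _encode(xml):  # helper for the constructed samples below
    return base64.b64encode(xml.encode()).decode("ascii")

# Constructed samples: ID, Version and IssueInstant are made-up values.
_HEAD = ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_constructed1" '
         'Version="2.0" IssueInstant="2016-06-15T15:32:50Z">' % (NS["samlp"], NS["saml"]))
SENT = _encode(_HEAD + '<samlp:NameIDPolicy AllowCreate="true" Format="%s"/>' % PERSISTENT
               + '</samlp:AuthnRequest>')
WANTED = _encode(_HEAD + '<samlp:RequestedAuthnContext Comparison="minimum">'
                 '<saml:AuthnContextClassRef>\n%s\n</saml:AuthnContextClassRef>' % PPT
                 + '</samlp:RequestedAuthnContext></samlp:AuthnRequest>')

if __name__ == "__main__":
    for label, value in (("sent", SENT), ("wanted", WANTED)):
        print(label, gaps_against_sp(inspect_authn_request(value)))
```

To check a real request, pass the SAMLRequest value captured from the browser's POST form in place of the constructed samples.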