[keycloak-user] ECP example?
Carlos Villegas
cav at uniscope.jp
Mon Oct 17 22:07:01 EDT 2016
Hmm... I saw some classes in the adapters 2.2.1 code about ECP so I did
some experiments.
If I set the adapter as a regular POST binding and then send the headers
Accept: application/vnd.paos+xml
PAOS: ver="urn:liberty:paos:2003-08";"urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
the SP seems to respond the right way with a SOAP message that looks
about right. Except it's not sending the Content-type header and then
the Shibboleth java client I'm using to test doesn't react. I then
patched the o.k.adapters.saml.profile.ecp.EcpAuthenticationHandler to
set Content-Type: application/vnd.paos+xml and I get a little bit
further. The client logs in to the IDP and gets the tokens but after that
it's not working. But at this point I don't know where the fault is, in
the client or the SP. The client was not sending the right content type
either to the IDP, which according to some other post, should be
text/xml. I fixed that also on the client and it seems to do the login now,
I see the correct user attributes in the response. But after that it
seems to get into some loop and I get some authentication error.
Are you saying the adapters' ECP support is not completely functional?
Thanks,
Carlos
On 10/18/2016 3:35 AM, Stian Thorgersen wrote:
> The client adapters don't support SAML ECP so you'd need to use a
> different SAML SP library for that.
>
> On 14 October 2016 at 03:59, Carlos Villegas <cav at uniscope.jp> wrote:
>
> I want to secure a servlet REST application. My client is Java, so far
> I've been using Apache HttpClient.
> The Keycloak docs mention SAML ECP binding is supported, but I don't see
> an example.
> The admin pages seem to assume only POST or redirect binding.
> Does the client adapter support ECP binding? Any pointers or help on how
> to go about it?
> I need help on both the client adapter and how to use Keycloak as a SAML
> ECP IDP.
>
> Thanks,
> Carlos
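An added example, not part of the original post and not Keycloak or Shibboleth code: a small Python check for the symptom described in the message above, where the SP answers the PAOS request with a SOAP message but no Content-Type header. The header values are the ones quoted in the post; the function name and the minimal sample envelope are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
PAOS = "urn:liberty:paos:2003-08"
ECP = "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
PAOS_TYPE = "application/vnd.paos+xml"

# Request headers from the post: they tell the SP the client speaks ECP.
ECP_REQUEST_HEADERS = {"Accept": PAOS_TYPE, "PAOS": f'ver="{PAOS}";"{ECP}"'}

# Constructed, minimal SP reply (structure only, not a captured message).
SAMPLE_BODY = (
    f'<S:Envelope xmlns:S="{SOAP}" xmlns:paos="{PAOS}" xmlns:ecp="{ECP}"'
    f' xmlns:samlp="{SAMLP}"><S:Header><paos:Request/><ecp:Request/>'
    "</S:Header><S:Body><samlp:AuthnRequest/></S:Body></S:Envelope>"
).encode()


def check_sp_paos_response(headers, body):
    """Return a list of problems with an SP's reply to an ECP request."""
    problems = []
    lowered = {k.lower(): v for k, v in headers.items()}  # names ignore case
    ctype = lowered.get("content-type")
    if ctype is None:
        problems.append("Content-Type header missing")
    elif ctype.split(";")[0].strip().lower() != PAOS_TYPE:
        problems.append(f"unexpected Content-Type: {ctype}")
    # Refuse DTDs before parsing: no entity expansion on untrusted XML.
    if b"<!DOCTYPE" in body:
        return problems + ["body contains a DOCTYPE"]
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return problems + [f"body is not well-formed XML: {exc}"]
    if root.tag != f"{{{SOAP}}}Envelope":
        return problems + ["root element is not a SOAP 1.1 Envelope"]
    required = [("Header", PAOS, "Request"), ("Header", ECP, "Request"),
                ("Body", SAMLP, "AuthnRequest")]
    for part, ns, name in required:
        if root.find(f"{{{SOAP}}}{part}/{{{ns}}}{name}") is None:
            problems.append(f"SOAP {part} lacks {{{ns}}}{name}")
    return problems


if __name__ == "__main__":
    # The unpatched behaviour from the post: valid envelope, no Content-Type.
    print(check_sp_paos_response({}, SAMPLE_BODY))
    print(check_sp_paos_response({"Content-Type": PAOS_TYPE}, SAMPLE_BODY))
```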