[keycloak-user] No redirect to original URL after going to identity provider

Stian Thorgersen sthorger at redhat.com
Tue Sep 13 05:19:05 EDT 2016


Assuming https://lvpalgomi1d.ln.jefco.com:8443/synchronicity/login.jsp is
the login screen for your SAML identity provider, it's correct that it should
redirect back to
http://lvpalgomi1d.ln.jefco.com:8180/auth/realms/Algomi/broker/pingfederate_saml/endpoint.
At that point Keycloak should authenticate the user and redirect to your
client.

Is your browser stuck on
http://lvpalgomi1d.ln.jefco.com:8180/auth/realms/Algomi/broker/pingfederate_saml/endpoint?
What is it displaying? Are there any errors in the log? Is login working with
username/password directly in Keycloak?

On 12 September 2016 at 19:31, Sarah Phillips <sphillips at jefferies.com>
wrote:

> I have a Keycloak 1.9.8 install that I am trying to reconfigure.
>
>
>
> I have a client that tries to authenticate requests to
> https://lvpalgomi1d.ln.jefco.com:8443/synchronicity/*
>
>
>
> I have a SAML 2.0 identity provider configured against PingFederate. The
> redirect URI is
> http://lvpalgomi1d.ln.jefco.com:8180/auth/realms/Algomi/broker/pingfederate_saml/endpoint
>
>
>
> When I enter https://lvpalgomi1d.ln.jefco.com:8443/synchronicity/login.jsp
> into a web browser I end up at
> http://lvpalgomi1d.ln.jefco.com:8180/auth/realms/Algomi/broker/pingfederate_saml/endpoint
> which is not what I intend – I would like to be validated and then
> redirected back to the original location.
>
>
>
> Is there another step to redirect the browser back to the original URL?
>
>
>
> I am picking up this task from a colleague who moved on. I have tried
> reading the server-administration-guide but it does not seem to be helping
> with this problem.
>
>
>
> How do I diagnose the issue? What settings do I need to check?
>
>
>
> There are also a couple of LDAP providers set up under User Federation. I
> don’t know whether they are needed – I think they were previously used to
> authenticate against LDAP but the users are looking for silent/pass-through
> authentication.
>
>
>
> Actually, while I’m here, will SAML 2.0 even support Integrated Windows
> Authentication that I am supposed to be implementing, or must I use
> Kerberos to achieve that?
>
>
>
> Many thanks,
>
> Sarah