[keycloak-user] [EXTERNAL] Re: Overriding AssertionConsumerServiceURL in

Jacobs, Michael Michael.Jacobs at nuance.com
Thu Apr 6 20:34:05 EDT 2017


I solved this by making my own identity provider SPI that extends from SAMLIdentityProvider, but adds this feature, taking the override from the standalone.xml

I will try to do something similar with the Email Template SPI.

From: Jacobs, Michael [mailto:michael_jacobs at nuance.com]
Sent: Wednesday, April 05, 2017 8:32 AM
To: Bill Burke <bburke at redhat.com>
Cc: keycloak-user at lists.jboss.org
Subject: Re: [EXTERNAL] Re: [keycloak-user] Overriding AssertionConsumerServiceURL in


So what you are saying is that Keycloak, acting as an SP, will send this URL to the IDp, but the IDp can choose not to use it, and just send responses to our F5?

Also, re: the second part of my question, can anything be done about the password reset URL, to have those target  our F5?

Thanks for you help with this,

MJ
On Apr 5, 2017 8:01 AM, Bill Burke <bburke at redhat.com<mailto:bburke at redhat.com>> wrote:
The SP can send ACS URL, this URL will only be used if it is validated
against the Redirect URI patterns that are registered in the
configuration of the client.  Does that answer your question?


On 4/4/17 6:07 PM, Jacobs, Michael wrote:
> For our application we created a SAML Identity Provider to proxy authentication to an outside source.  However we need their response to be sent back to a load-balanced URL on our F5.  The value that I believe controls this is "Redirect URI" in our SAML Provider config, looks like that goes to populate the AssertionConsumerServiceURL in the SAML request.  Redirect URI is not editable in the UI.  Is there a way we can control what gets populated there, so our partner will be directed to send to the load-balanced URL.
>
> We'd also like to control password reset emails links to contain that load-balanced URL, but it does not look like the templating system allows us to manipulate that that level.
>
> MJ
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_mailman_listinfo_keycloak-2Duser&d=DwICAg&c=djjh8EKwHtOepW4Bjau0lKhLlu-DxM1dlgP0rrLsOzY&r=AGRIVkkrGet14litX3vdhf_ykaRtxRlysj94q0l8Lu8&m=B5Rzm519tM-Gtr531DC5-SdoVSFKKOvKuG1mnjWUEP0&s=iUK7Hus6wvb5hs9zXzaFQfwbmCv79gDHvrFx3rlVlWE&e=

_______________________________________________
keycloak-user mailing list
keycloak-user at lists.jboss.org<mailto:keycloak-user at lists.jboss.org>
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.jboss.org_mailman_listinfo_keycloak-2Duser&d=DwICAg&c=djjh8EKwHtOepW4Bjau0lKhLlu-DxM1dlgP0rrLsOzY&r=AGRIVkkrGet14litX3vdhf_ykaRtxRlysj94q0l8Lu8&m=B5Rzm519tM-Gtr531DC5-SdoVSFKKOvKuG1mnjWUEP0&s=iUK7Hus6wvb5hs9zXzaFQfwbmCv79gDHvrFx3rlVlWE&e=


More information about the keycloak-user mailing list