[keycloak-user] For tomcat SAML adapter, is /saml required in URL?
ken edward
kedward777 at gmail.com
Mon Jun 12 15:52:49 EDT 2017
Hello,
I am implementing the tomcat SAML adapter with the IdP being ADFS.
QUESTION:
1.) I see the below reference in the doc that seems to say the /saml
needs to be appended to the URL of the SP? Or is this only for the
servlet adapter and NOT the tomcat adapter that may have servlets?
"For each servlet-based adapter, the endpoint you register for the
assert consumer service URL and single logout service must be the
base URL of your servlet application with /saml appended to it, that
is, https://example.com/contextPath/saml."
as in the below ???
<SP entityID="http://localhost:8081/sales-post-sig/saml"
    sslPolicy="EXTERNAL"
    nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
    logoutPage="/saml/logout.jsp"
    forceAuthentication="false"
    isPassive="false"
    turnOffChangeSessionIdOnLogin="false">
    <Keys>
        <Key signing="true" >
            <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
                <PrivateKey alias="http://localhost:8080/sales-post-sig/" password="test123"/>
                <Certificate alias="http://localhost:8080/sales-post-sig/"/>
            </KeyStore>
        </Key>
    </Keys>
Ken