[keycloak-user] For tomcat SAML adapter, is /saml required in URL?
ken edward
kedward777 at gmail.com
Tue Jun 13 10:17:16 EDT 2017
Thank you Bill,
Does the URL have to end with /saml, or just include "/saml" within the URL
(https://example.com/myapp/saml/subdir or just /myapp/saml ??)
Ken
On Mon, Jun 12, 2017 at 6:47 PM, Bill Burke <bburke at redhat.com> wrote:
> I'm pretty sure every adapter requires this. This is because of the
> SAML POST binding. Adapter has to eat the input stream of the request
> just to determine if it is a SAML request. There's no nice way of
> putting that data back so that an application can consume it instead.
>
>
> On 6/12/17 3:52 PM, ken edward wrote:
>> Hello,
>>
>> I am implementing the tomcat SAML adapter with the IdP being ADFS.
>>
>> QUESTION:
>> 1.) I see the below reference in the doc that seems to say the /saml
>> needs to be appended to the URL of the SP? or is this only for
>> servlet adapter and NOT tomcat adapter that may have servlets?
>>
>> "For each servlet-based adapter, the endpoint you register for the
>> assert consumer service URL and single logout service must be the
>> base URL of your servlet application with /saml appended to it, that
>> is, https://example.com/contextPath/saml."
>>
>> as in the below ???
>>
>>
>> <SP entityID="http://localhost:8081/sales-post-sig/saml"
>>     sslPolicy="EXTERNAL"
>>     nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
>>     logoutPage="/saml/logout.jsp"
>>     forceAuthentication="false"
>>     isPassive="false"
>>     turnOffChangeSessionIdOnLogin="false">
>>   <Keys>
>>     <Key signing="true" >
>>       <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
>>         <PrivateKey
>>             alias="http://localhost:8080/sales-post-sig/" password="test123"/>
>>         <Certificate alias="http://localhost:8080/sales-post-sig/"/>
>>       </KeyStore>
>>     </Key>
>>   </Keys>
>>
>> Ken
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
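
The reason given in the quoted reply (the POST binding carries the SAML message in the request body, and a body stream can only be read once) can be modelled as follows. This is an added example in Python, not code from the thread or from the Keycloak adapter; `CONTEXT_PATH`, the exact-match rule on the endpoint path, and the sample bodies are assumptions made for the illustration.

```python
from urllib.parse import parse_qs

CONTEXT_PATH = "/myapp"                 # assumed deployment path
SAML_ENDPOINT = CONTEXT_PATH + "/saml"  # shape taken from the quoted doc sentence

# Constructed sample bodies (the SAMLResponse value is a placeholder, not real base64 XML).
ORDER_POST = b"item=widget&qty=3"
SAML_POST = b"SAMLResponse=PLACEHOLDER&RelayState=abc"


class OneShotBody:
    """Models a socket-backed request body: the bytes can be read exactly once."""

    def __init__(self, data: bytes):
        self._data = data

    def read(self) -> bytes:
        data, self._data = self._data, b""
        return data


def app(body: OneShotBody) -> dict:
    """The protected application: parses whatever is left of the body."""
    return parse_qs(body.read().decode())


def sniffing_adapter(path: str, body: OneShotBody):
    """No reserved endpoint: every POST body is read to look for SAML parameters."""
    form = parse_qs(body.read().decode())  # consumes the stream
    if "SAMLResponse" in form or "SAMLRequest" in form:
        return ("adapter", form)
    return ("app", app(body))  # the application now reads an empty stream


def endpoint_adapter(path: str, body: OneShotBody):
    """Reserved endpoint: the body is only read when the path is the SAML endpoint."""
    if path == SAML_ENDPOINT:  # exact match is an assumption of this example
        return ("adapter", parse_qs(body.read().decode()))
    return ("app", app(body))  # body untouched, application sees the full form


if __name__ == "__main__":
    print(sniffing_adapter("/myapp/orders", OneShotBody(ORDER_POST)))
    print(endpoint_adapter("/myapp/orders", OneShotBody(ORDER_POST)))
    print(endpoint_adapter(SAML_ENDPOINT, OneShotBody(SAML_POST)))
```

With body sniffing, the application's own form POST arrives empty; with a reserved endpoint, ordinary POSTs pass through intact and only requests to the SAML endpoint have their body consumed.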