[keycloak-user] For tomcat SAML adapter, is /saml required in URL?

ken edward kedward777 at gmail.com
Tue Jun 13 10:17:16 EDT 2017


Thank you Bill,

Does the URL have to end with /saml or just include "/saml" within the URL
(https://example.com/myapp/saml/subdir or just /myapp/saml ??)

Ken

On Mon, Jun 12, 2017 at 6:47 PM, Bill Burke <bburke at redhat.com> wrote:
> I'm pretty sure every adapter requires this.  This is because of the
> SAML POST binding.  Adapter has to eat the input stream of the request
> just to determine if it is a SAML request.  There's no nice way of
> putting that data back so that an application can consume it instead.
>
>
> On 6/12/17 3:52 PM, ken edward wrote:
>> Hello,
>>
>> I am implementing the tomcat SAML adapter with the IdP being ADFS.
>>
>> QUESTION:
>> 1.) I see the below reference in the doc that seems to say the /saml
>> needs to be appended to the URL of the SP? or is this only for
>> servlet adapter and NOT tomcat adapter that may have servlets?
>>
>> "For each servlet-based adapter, the endpoint you register for the
>> assert consumer service URL and single logout service must be the
>> base URL of your servlet application with /saml appended to it, that
>> is, https://example.com/contextPath/saml."
>>
>> as in the below ???
>>
>>
>>      <SP entityID="http://localhost:8081/sales-post-sig/saml"
>>          sslPolicy="EXTERNAL"
>>          nameIDPolicyFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
>>          logoutPage="/saml/logout.jsp"
>>          forceAuthentication="false"
>>          isPassive="false"
>>          turnOffChangeSessionIdOnLogin="false">
>>          <Keys>
>>              <Key signing="true" >
>>                  <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
>>                      <PrivateKey alias="http://localhost:8080/sales-post-sig/" password="test123"/>
>>                      <Certificate alias="http://localhost:8080/sales-post-sig/"/>
>>                  </KeyStore>
>>              </Key>
>>          </Keys>
>>
>> Ken
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
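
Added example, not part of the original thread and not Keycloak's code: a simplified Java model of the point in the quoted reply that a request body is a one-shot stream, so checking a POST for a SAML message consumes the data the application would otherwise read. The class, method and parameter names and the sample form bodies are assumptions constructed for illustration; how the adapter matches the /saml path is not modelled.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

// Simplified model of a servlet request: the body is a one-shot stream.
public class SamlPostBindingDemo {

    // Constructed sample form bodies (placeholders, not real SAML messages).
    static final String SAML_POST = "SAMLResponse=BASE64_PLACEHOLDER&RelayState=abc";
    static final String APP_POST = "item=widget&qty=3";

    static String readAll(InputStream in) throws IOException {
        return new String(in.readAllBytes(), StandardCharsets.UTF_8);
    }

    // Hypothetical check: the POST binding carries the message as a form
    // field, so detecting it means reading the request body.
    static boolean looksLikeSaml(String body) {
        for (String pair : body.split("&")) {
            if (pair.startsWith("SAMLResponse=") || pair.startsWith("SAMLRequest=")) {
                return true;
            }
        }
        return false;
    }

    // Returns what the application can still read once the adapter has run.
    // adapterReadsBody stands for "this request hit the adapter's endpoint".
    static String handle(String body, boolean adapterReadsBody) throws IOException {
        InputStream in = new ByteArrayInputStream(body.getBytes(StandardCharsets.UTF_8));
        if (adapterReadsBody && looksLikeSaml(readAll(in))) {
            return "<consumed by adapter>";
        }
        return readAll(in); // the application reads whatever is left
    }

    public static void main(String[] args) throws IOException {
        // Adapter inspects an ordinary application POST: the form data is lost.
        System.out.println("sniffed app POST   -> [" + handle(APP_POST, true) + "]");
        // Adapter leaves non-endpoint requests alone: the form data is intact.
        System.out.println("untouched app POST -> [" + handle(APP_POST, false) + "]");
        // SAML POST sent to the dedicated endpoint is handled by the adapter.
        System.out.println("SAML endpoint POST -> [" + handle(SAML_POST, true) + "]");
    }
}
```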

