[keycloak-user] ADFS integration issue

Dmitry Korchemkin moon3854 at gmail.com
Tue Mar 28 10:12:07 EDT 2017


Hello,

I was trying to configure ADFS brokering in Keycloak using this article
from a few days ago:
http://blog.keycloak.org/2017/03/how-to-setup-ms-ad-fs-30-as-brokered.html
However, I faced an issue when setting up relying trust in ADFS. The
article suggests I give ADFS this URL:
https://<hostname>:8443/auth/realms/saml-broker-authentication-realm/broker/adfs/endpoint/descriptor.
This page indeed produces an XML with all the configuration options.
It is consumed by ADFS with no visible errors (when I had a cert mismatch it
was refusing to import), but Keycloak prints the following in its log:

15:06:57,850 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default
task-3) RESTEASY002010: Failed to execute: javax.ws.rs.NotFoundException:
RESTEASY003210: Could not find resource for full path:
https://10.0.2.2:8443/auth/realms/saml-broker-authentication-realm/broker/saml/endpoint/descriptor/FederationMetadata/2007-06/FederationMetadata.xml

I'm pretty sure Keycloak does not have FederationMetadata.xml, which is why
the error appears. However, I don't see any option to tell ADFS which XML
to use when importing from a URL. When imported from a file there were no
problems and I've finished the integration successfully.

I'm using Keycloak 2.5.4.Final and Windows Server 2016.

