[keycloak-user] ADFS integration issue

Hynek Mlnarik hmlnarik at redhat.com
Tue Mar 28 15:01:28 EDT 2017


It is the other way round - as RESTEASY003210 was found in Keycloak's
log, something (maybe ADFS) attempted to access the nonexistent URL in
Keycloak.

I don't know about W2016, as I don't have it anywhere, so I cannot check
whether the import does not try an ADFS-like descriptor URL (that part
after .../descriptor/) automatically. AFAIK, W2012 does not do that; at
least I've not been able to reproduce this behaviour. I'm no ADFS
expert, though.

Did you enter exactly
"https://10.0.2.2:8443/auth/realms/saml-broker-authentication-realm/broker/saml/endpoint/descriptor"
for the import URL in the relying trust party setup? Can you please
double check? If the same issue happens again, I'll update the blog with
a new "common issue".

Thanks,

--Hynek


On Tue, Mar 28, 2017 at 4:44 PM, Marc Boorshtein
<marc.boorshtein at tremolosecurity.com> wrote:
>> 15:06:57,850 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default
>> task-3) RESTEASY002010: Failed to execute: javax.ws.rs.NotFoundException:
>> RESTEASY003210: Could not find resource for full path:
>> https://10.0.2.2:8443/auth/realms/saml-broker-authentication-realm/broker/saml/endpoint/descriptor/FederationMetadata/2007-06/FederationMetadata.xml
>>
>
> Looks like Keycloak is trying to load ADFS' metadata, so use
> https://adfs.server.com/FederationMetadata/2007-06/FederationMetadata.xml



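Added illustration, not part of the original thread and not Keycloak code: a small Python check that reads RESTEASY003210 entries from a Keycloak server log and reports when the requested path is the SAML broker descriptor endpoint with extra segments appended, which is the pattern in the log entry quoted above. The function name, the second log entry and the generalisation of the realm and broker alias in the path are assumptions.

```python
import re
from urllib.parse import urlsplit

# First entry: the log lines quoted in this thread.
# Second entry: constructed for contrast (an unrelated 404).
SAMPLE_LOG = """\
15:06:57,850 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default
task-3) RESTEASY002010: Failed to execute: javax.ws.rs.NotFoundException:
RESTEASY003210: Could not find resource for full path:
https://10.0.2.2:8443/auth/realms/saml-broker-authentication-realm/broker/saml/endpoint/descriptor/FederationMetadata/2007-06/FederationMetadata.xml
15:09:12,101 ERROR [org.jboss.resteasy.resteasy_jaxrs.i18n] (default
task-7) RESTEASY002010: Failed to execute: javax.ws.rs.NotFoundException:
RESTEASY003210: Could not find resource for full path:
https://10.0.2.2:8443/auth/realms/constructed-realm/no-such-page
"""

# The URL follows "full path:" on the next line, so \s* must span the newline.
NOT_FOUND = re.compile(
    r"RESTEASY003210: Could not find resource for full path:\s*(\S+)")

# Assumption: the descriptor path shape is generalised from the single URL
# in the thread (realm and broker alias replaced by wildcards).
DESCRIPTOR = re.compile(
    r"^(/auth/realms/[^/]+/broker/[^/]+/endpoint/descriptor)(/.+)?$")


def classify_not_found(log_text):
    """Return one finding per RESTEASY003210 entry found in log_text."""
    findings = []
    for url in NOT_FOUND.findall(log_text):
        parts = urlsplit(url)
        match = DESCRIPTOR.match(parts.path)
        if match and match.group(2):
            # A client requested <descriptor URL> + <something else>.
            findings.append({
                "kind": "suffix-appended-to-descriptor",
                "descriptor_url":
                    f"{parts.scheme}://{parts.netloc}{match.group(1)}",
                "appended": match.group(2),
            })
        else:
            findings.append({"kind": "other-not-found", "url": url})
    return findings


if __name__ == "__main__":
    for finding in classify_not_found(SAMPLE_LOG):
        print(finding)
```

A `suffix-appended-to-descriptor` finding shows the descriptor URL that was entered and the part a client added to it, which is the detail to compare against the import URL configured on the ADFS side.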