[keycloak-user] SAML identity broker Client ID/Issuer
Ulrik Nejsum Madsen
unm at greenbyte.dk
Thu Mar 30 05:21:32 EDT 2017
We are trying to configure Keycloak to act as an identity broker for a SAML 2.0 IdP. Using the “quickstarts/app-profile-jee-vanilla” project as a basis, we added the WildFly client adapter and set up an Identity Provider of type SAML 2.0.
Our customer configures an entityID at the IdP. Example: <https://saml.myapp.com/myservice>. We set the Client ID to equal our entityID and expected the Issuer element to contain this value. Keycloak redirects correctly; however, in the AuthnRequest sent to the IdP, the Issuer element contains a URL at the Keycloak server realm (https://saml.myapp.com/auth/realms/demo) and Keycloak stripped part of our Client ID (/myservice).
Is the Issuer value configurable and if so, where?
Thanks
Anders and Ulrik
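
Added example, not part of the original post and not Keycloak code: a small Python check that decodes the AuthnRequest from a captured redirect URL and compares its Issuer with the entityID registered at the IdP. It assumes the HTTP-Redirect binding (base64 over raw DEFLATE); the IdP endpoint `https://idp.example.org/sso`, the function names and the sample request are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def build_sample_redirect(issuer: str) -> str:
    """Constructed sample: a minimal AuthnRequest encoded as the Redirect binding does."""
    xml = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ID_constructed" '
        'Version="2.0" IssueInstant="2017-03-30T09:21:32Z">'
        f"<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>"
    )
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw DEFLATE, no zlib header
    packed = deflater.compress(xml.encode()) + deflater.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(packed).decode()})
    return "https://idp.example.org/sso?" + query  # hypothetical IdP endpoint

def issuer_from_redirect(url: str) -> str:
    """Return the Issuer of the AuthnRequest carried in a redirect URL."""
    params = parse_qs(urlparse(url).query)
    if "SAMLRequest" not in params:
        raise ValueError("no SAMLRequest parameter in URL")
    packed = base64.b64decode(params["SAMLRequest"][0])
    xml = zlib.decompress(packed, -15)  # inflate raw DEFLATE
    # Only parse traffic you captured yourself; use defusedxml for untrusted XML.
    issuer = ET.fromstring(xml).find("saml:Issuer", SAML_NS)
    if issuer is None or not (issuer.text or "").strip():
        raise ValueError("AuthnRequest has no Issuer element")
    return issuer.text.strip()

def check_issuer(url: str, expected_entity_id: str):
    """Compare the Issuer actually sent with the entityID registered at the IdP."""
    actual = issuer_from_redirect(url)
    return actual == expected_entity_id, actual

if __name__ == "__main__":
    url = build_sample_redirect("https://saml.myapp.com/auth/realms/demo")
    ok, actual = check_issuer(url, "https://saml.myapp.com/myservice")
    print("match" if ok else f"mismatch: IdP will see Issuer {actual!r}")
```

Pass the full redirect URL copied from the browser's network tab in place of the constructed one to see which Issuer the IdP actually receives.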