[keycloak-user] [External] Re: Keycloak IDP Brokering + Spring Boot/Angular

Yildirim, Suleyman suleyman.yildirim at accenture.com
Wed Apr 18 04:49:11 EDT 2018


Hello Rodriguez,

Thanks a lot. I will try the links. Our application will act as SP and we will use the client's Microsoft ADFS as IDP. Once the user browses the front-end (e.g. http://localhost:5005), the SP will send the metadata to the IDP, etc. The problem is how to initiate this.

Thanks,
Suleyman

-----Original Message-----
From: keycloak-user-bounces at lists.jboss.org [mailto:keycloak-user-bounces at lists.jboss.org] On Behalf Of Luis Rodríguez Fernández
Sent: 13 April 2018 17:20
To: keycloak-user at lists.jboss.org
Subject: [External] Re: [keycloak-user] Keycloak IDP Brokering + Spring Boot/Angular

Hello Suleyman,


The sample [1] application of spring-security-saml [2] worked like a charm for me. I just needed to specify the metadata URL of my IdP in the org.opensaml.saml2.metadata.provider.HTTPMetadataProvider bean of sample/src/main/webapp/WEB-INF/securityContext.xml [3]. In my setup I was using OpenAM as IdP.

In your case I imagine that you have to register ADFS as IdP [4], get the SP metadata [5] and use it in your app? Or perhaps you have to register your app as a SAML client [6].

Hope it helps,

[1] https://github.com/spring-projects/spring-security-saml/tree/develop/sample
[2] https://github.com/spring-projects/spring-security-saml
[3] https://docs.spring.io/spring-security-saml/docs/1.0.0.RELEASE/reference/html/chapter-quick-start.html
[4] https://www.keycloak.org/docs/latest/server_admin/index.html#saml-v2-0-identity-providers
[5] https://www.keycloak.org/docs/latest/server_admin/index.html#_identity_broker_saml_sp_descriptor
[6] https://www.keycloak.org/docs/latest/server_admin/index.html#saml-clients
2018-04-11 17:17 GMT+02:00 Yildirim, Suleyman <suleyman.yildirim at accenture.com>:

> Hi all,
>
> As a novice person in security and Keycloak, I have set up the Keycloak
> Identity Provider to interact with ADFS using the link
> http://blog.keycloak.org/2017/03/how-to-setup-ms-ad-fs-30-as-brokered.html.
> I wonder how we test this setting using Angular and Spring Boot. Some
> details are below:
>
> We are using Angular 1.x and Spring Boot for the project. I have
> implemented SSO with OpenID Connect, but the implementation part of SAML
> is still confusing. There are tutorials for OpenID Connect but not for SAML.
> How do we send a SAML request to the external ADFS via the IDP broker from
> Spring Boot/Angular? Do I need to use Java adapters for that?
>
> Best Regards,
> Suleyman
>
>
> ________________________________
>
> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise confidential information. If you
> have received it in error, please notify the sender immediately and
> delete the original. Any other use of the e-mail by you is prohibited.
> Where allowed by local law, electronic communications with Accenture
> and its affiliates, including e-mail and instant messaging (including
> content), may be scanned by our systems for the purposes of
> information security and assessment of internal compliance with Accenture policy. Your privacy is important to us.
> Accenture uses your personal data only in compliance with data
> protection laws. For further information on how Accenture processes
> your personal data, please see our privacy statement at
> https://www.accenture.com/us-en/privacy-policy.
> ______________________________________________________________________________________
>
> www.accenture.com
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>



--

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better."

- Samuel Beckett
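The wiring Luis describes above (point the sample's HTTPMetadataProvider at the IdP metadata URL, and let the IdP consume the SP metadata) as an added example, not code from this thread, from the spring-security-saml sample or from Keycloak. It is a fragment of securityContext.xml for a Spring Boot/Angular SP whose IdP is the Keycloak broker realm; Keycloak in turn federates to ADFS [4], so the SP never talks to ADFS directly. Assumed names: Keycloak host keycloak.example.com, realm "brokered", SP base URL https://app.example.com, the realm descriptor path /auth/realms/{realm}/protocol/saml/descriptor (the pre-Quarkus Keycloak layout), a parserPool bean and a keyManager bean defined as in the sample, and a key alias keycloak-metadata-signing in that keystore. The weak setting the sample ships with (metadataTrustCheck false) is shown next to the hardened one.

```xml
<!-- Added example, not from the spring-security-saml sample, Keycloak or the thread.
     Assumed names: keycloak.example.com, realm "brokered", https://app.example.com,
     key alias "keycloak-metadata-signing" in the keystore behind the sample's keyManager. -->

<!-- 1. IdP metadata. The IdP of this SP is the Keycloak *realm* (the broker), not ADFS.
        Assumed descriptor path: /auth/realms/{realm}/protocol/saml/descriptor -->
<bean id="metadata" class="org.springframework.security.saml.metadata.CachingMetadataManager">
    <constructor-arg>
        <list>
            <bean class="org.springframework.security.saml.metadata.ExtendedMetadataDelegate">
                <constructor-arg>
                    <bean class="org.opensaml.saml2.metadata.provider.HTTPMetadataProvider">
                        <!-- HTTPS only: over plain http an on-path attacker can replace the IdP
                             signing certificate in the metadata and then mint assertions the SP
                             will accept. -->
                        <constructor-arg>
                            <value type="java.lang.String">https://keycloak.example.com/auth/realms/brokered/protocol/saml/descriptor</value>
                        </constructor-arg>
                        <!-- request timeout in milliseconds -->
                        <constructor-arg>
                            <value type="int">5000</value>
                        </constructor-arg>
                        <property name="parserPool" ref="parserPool"/>
                    </bean>
                </constructor-arg>
                <constructor-arg>
                    <bean class="org.springframework.security.saml.metadata.ExtendedMetadata"/>
                </constructor-arg>

                <!-- WEAK (what the sample ships for a public test IdP; any XML the URL
                     returns is trusted as-is):
                <property name="metadataTrustCheck" value="false"/>
                -->

                <!-- HARDENED: only accept metadata whose signature verifies against a key
                     already in our keystore. -->
                <property name="metadataTrustCheck" value="true"/>
                <property name="metadataRequireSignature" value="true"/>
                <property name="metadataTrustedKeys">
                    <set>
                        <value>keycloak-metadata-signing</value>
                    </set>
                </property>
            </bean>
        </list>
    </constructor-arg>
</bean>

<!-- 2. SP metadata. The sample's filter chain serves the generated descriptor at
        /saml/metadata; import that document into the Keycloak realm as a SAML client [6]. -->
<bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
    <constructor-arg>
        <bean class="org.springframework.security.saml.metadata.MetadataGenerator">
            <!-- must match the Client ID of the SAML client created in the realm -->
            <property name="entityId" value="https://app.example.com/saml/metadata"/>
            <!-- pin the base URL; left unset it is derived from the request Host header,
                 so a spoofed Host would leak into the AssertionConsumerService location -->
            <property name="entityBaseURL" value="https://app.example.com"/>
            <property name="requestSigned" value="true"/>
            <property name="wantAssertionSigned" value="true"/>
            <property name="extendedMetadata">
                <bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
                    <property name="signMetadata" value="true"/>
                    <!-- single IdP (the broker realm), so no discovery round-trip -->
                    <property name="idpDiscoveryEnabled" value="false"/>
                </bean>
            </property>
        </bean>
    </constructor-arg>
</bean>

<!-- 3. Initiating login. With the sample's filter chain, SP-initiated SSO starts at
        /saml/login (SAMLEntryPoint). The Angular app must send the browser there with a
        full-page navigation (window.location), not an XHR: the redirect chain
        SP -> Keycloak -> ADFS -> Keycloak -> SP ACS cannot be followed from JavaScript. -->
```

Two checks before going live: fetch https://app.example.com/saml/metadata and confirm the AssertionConsumerService Location is the HTTPS URL you expect, then import that file as the SAML client in the realm; and confirm the realm descriptor is actually signed by the key you pinned. If the realm publishes an unsigned descriptor, keep metadataTrustCheck but drop metadataRequireSignature and, rather than trusting a live unsigned download, load a reviewed local copy through org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider instead of the HTTP provider. The ADFS hop is configured on the Keycloak side only, as the realm's SAML identity provider [4]; from the Spring Boot application's point of view there is exactly one IdP, the broker realm.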