[keycloak-user] Keycloak SAML Invalid response
Dmitry Telegin
dt at acutus.pro
Wed Aug 29 21:41:07 EDT 2018
Hello Rémi,
Could you please open your client settings in Keycloak and try the following:
- change Name ID format to email;
- under the Mappers tab, add the built-in X500 email mapper;
- under the same tab, create a user property mapper with Property = email, SAML Attribute Name = email and SAML Attribute NameFormat = basic.
Let me know if this helps. If it doesn't, we can examine SAML payloads from Auth0 exchange and try to understand what's required by Workplace.
Cheers,
Dmitry Telegin
CTO, Acutus s.r.o.
Keycloak Consulting and Training
Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
+42 (022) 888-30-71
E-mail: info at acutus.pro
On Tue, 2018-08-28 at 09:14 +0000, Rémi GOYARD wrote:
> Hi All,
>
> I just tried to use the Auth0 service and it worked with Workplace by facebook (following this documentation : https://scontent-cdt1-1.xx.fbcdn.net/v/t39.2365-6/33246377_951880651638808_7491240743177027584_n.pdf?_nc_cat=0&oh=266ec47aacfd6aad53e67d33b4b5a502&oe=5C2DC62A)
>
> It seems that Keycloak does not produce a valid response for the email mapping. The above documentation specifies the following configuration steps, but I really don't know how to map them in Keycloak:
>
> {
>   "audience": "https://www.facebook.com/company/ID",
>   "recipient": "https://workplace.facebook.com/work/saml.php",
>   "mappings": { "email": "Email" },
>   "nameIdentifierFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:email",
>   "nameIdentifierProbes": [ "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" ]
> }
>
> I think that I need to specify the information: "nameIdentifierFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:email",
> "nameIdentifierProbes": [ "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" ],
>
> Does anyone have ideas ?
>
> Regards
>
> Rémi
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user