[keycloak-user] Fw: SSO saml and jwt client

Dmitry Telegin dt at acutus.pro
Mon Dec 17 23:58:19 EST 2018


Hi John,

Thanks for pointing this out - in my original message I was about to write "...and check that your client doesn't have Force Authentication turned on", but recalled that this is for brokered SAML IdPs only :)

Dmitry

On Mon, 2018-12-17 at 08:32 -0500, John Dennis wrote:
> On 12/16/18 10:12 PM, Dmitry Telegin wrote:
> > Hello Mahendra,
> > 
> > This should work out of the box - after all, that's what SSO is about. Are you sure that both OIDC and SAML clients are in the same Keycloak realm?
> 
> And make sure you don't have ForceAuthn set to true in the request. As a 
> reminder this is the definition of ForceAuthn: "A Boolean value. If 
> "true", the identity provider MUST authenticate the presenter directly 
> rather than rely on a previous security context."
> 
> > Pod lipami street 339/52, 130 00 Prague 3, Czech Republic
> > +42 (022) 888-30-71
> > E-mail: info at acutus.pro
> > 
> > 
> > On Fri, 2018-12-14 at 16:04 +0000, Satrasala, Mahendra wrote:
> > > I can SSO across different JWT clients but if I try to access a SAML client, I am redirected to the login page even if I have an active session for the user in Keycloak after an OIDC authentication.
> > > 
> > > 
> > > Is it possible to automatically authenticate the user for the SAML client? Simply put, I am trying to get a SAML assertion on behalf of the user after OIDC authentication.
> > > 
> > > 
> > > Thanks in advance!!
> > > 
> > > 
> > > 
> > > _______________________________________________
> > > keycloak-user mailing list
> > > keycloak-user at lists.jboss.org
> > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > 
> > 
> 
> 
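
One way to run the ForceAuthn check suggested in the thread, as an added example that is not part of the original messages: it decodes a captured `SAMLRequest` (HTTP-Redirect or HTTP-POST binding) and reports whether the AuthnRequest sets `ForceAuthn`. The function names, the sample URL and request, the size cap and the DTD rejection are assumptions of this example, not Keycloak code.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
MAX_XML_BYTES = 64 * 1024  # cap on inflated size (guards against deflate bombs)


def decode_saml_request(value, deflated=True):
    """base64 + raw DEFLATE for HTTP-Redirect; base64 only for HTTP-POST."""
    raw = base64.b64decode(value)
    if not deflated:
        return raw
    inflater = zlib.decompressobj(-15)  # -15 selects raw DEFLATE, no zlib header
    xml = inflater.decompress(raw, MAX_XML_BYTES)
    if inflater.unconsumed_tail:
        raise ValueError("inflated AuthnRequest exceeds size cap")
    return xml


def force_authn(xml):
    """True if the AuthnRequest tells the IdP to ignore the existing session."""
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD not allowed in a SAML message")
    root = ET.fromstring(xml)
    if root.tag != "{%s}AuthnRequest" % SAMLP_NS:
        raise ValueError("not a SAML 2.0 AuthnRequest")
    # xs:boolean accepts "true" or "1"; an absent attribute means false.
    return root.get("ForceAuthn", "false").strip() in ("true", "1")


def force_authn_from_redirect_url(url):
    query = parse_qs(urlparse(url).query)
    return force_authn(decode_saml_request(query["SAMLRequest"][0]))


def build_sample_url(force_attr):
    """Constructed sample request; host, ID and timestamp are made up."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="%s" ID="_constructed1" '
           'Version="2.0" IssueInstant="2018-12-17T00:00:00Z"%s/>'
           % (SAMLP_NS, force_attr))
    comp = zlib.compressobj(wbits=-15)
    b64 = base64.b64encode(comp.compress(xml.encode()) + comp.flush())
    return "https://idp.example.test/saml?" + urlencode({"SAMLRequest": b64})


if __name__ == "__main__":
    print(force_authn_from_redirect_url(build_sample_url(' ForceAuthn="true"')))
```

For a request captured from the POST binding, pass the form field value to `decode_saml_request(value, deflated=False)` and hand the result to `force_authn`.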

