[keycloak-user] Re-2: SAML quickstart example

Tappe, Heiko tappe at transdata.net
Tue Feb 20 09:09:12 EST 2018


> No, it's not correct AFAIK. Method KEYCLOAK can be used just if you 
> installed the OpenID Connect keycloak adapter subsystem into your 
> Wildfly and it's useful just for OpenID Connect clients. SAML clients 
> need KEYCLOAK-SAML authentication mechanism.
> 
> Why did you change that? Is it stated in some documentation or README that 
> SAML clients are supposed to use KEYCLOAK method? If yes, it's not 
> correct and we should likely fix it.


No. I changed it because of the error I mentioned and I wanted to give it a try after some research on the internet where I found some stuff with "KEYCLOAK" instead of "KEYCLOAK-SAML".


But by mentioning my mistake with KEYCLOAK / KEYCLOAK-SAML you helped me to get on the right track.
I started from scratch and now it works as expected. I think something went wrong when I tried to install the Wildfly SAML adapter.




Thanks a lot for your help!


--Heiko






Original Message processed by david® 
Re: [keycloak-user] SAML quickstart example 20 February 2018, 14:15 
From Marek Posolda 
To (2) tdtappe|keycloak-user at lists.jboss.org 

On 20/02/18 14:01, tdtappe wrote:
> Doing my first steps with keycloak I successfully set up a keycloak
> (3.4.3.Final) instance and explored the vanilla sample app. Now I want to
> try the SAML sample app (app-profile-saml-jee-jsp).
> After modifying the web.xml to use KEYCLOAK instead of KEYCLOAK-SAML as the
> auth-method (I was getting an error: "Unknown authentication mechanism
> KEYCLOAK-SAML") I was able to build and deploy the app to my Wildfly 10.1
> instance.
> Question: Was it correct to change the auth-method to KEYCLOAK?
No, it's not correct AFAIK. Method KEYCLOAK can be used just if you 
installed the OpenID Connect keycloak adapter subsystem into your 
Wildfly and it's useful just for OpenID Connect clients. SAML clients 
need KEYCLOAK-SAML authentication mechanism.

Why did you change that? Is it stated in some documentation or README that 
SAML clients are supposed to use KEYCLOAK method? If yes, it's not 
correct and we should likely fix it.

Marek
>
> If I now access the sample app and click on "Login" (or trying to access
> profile.jsp) I get a "Forbidden" error.
> AFAICT, I set up keycloak for the sample app as described in the
> documentation/readme.
>
> Any ideas?
>
> --Heiko

To: keycloak-user at lists.jboss.org
    mposolda at redhat.com
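
The mismatch discussed in this thread can be caught before deployment. The following is an added example, not part of the original messages or of Keycloak's own code: it checks that the `auth-method` in `web.xml` matches the client protocol and that the matching adapter extension is declared in WildFly's `standalone.xml`. The extension module names and all sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# auth-method -> WildFly extension module that registers the mechanism.
# Module names are assumed from the Keycloak WildFly adapter packaging;
# verify them against the adapter version you installed.
REQUIRED_MODULE = {
    "KEYCLOAK": "org.keycloak.keycloak-adapter-subsystem",  # OIDC
    "KEYCLOAK-SAML": "org.keycloak.keycloak-saml-adapter-subsystem",
}

def local(tag):
    """Strip the XML namespace so lookups work across schema versions."""
    return tag.rsplit("}", 1)[-1]

def auth_method(web_xml):
    """Return the <auth-method> text from web.xml, or None if absent."""
    for el in ET.fromstring(web_xml).iter():
        if local(el.tag) == "auth-method":
            return (el.text or "").strip()
    return None

def installed_modules(standalone_xml):
    """Return the set of extension modules declared in standalone.xml."""
    return {el.get("module") for el in ET.fromstring(standalone_xml).iter()
            if local(el.tag) == "extension"}

def check(web_xml, standalone_xml, protocol):
    """Return findings for a client of the given protocol ('saml'/'oidc')."""
    expected = "KEYCLOAK-SAML" if protocol == "saml" else "KEYCLOAK"
    findings = []
    method = auth_method(web_xml)
    if method != expected:
        findings.append(f"auth-method {method!r}: {protocol} client needs {expected!r}")
    if REQUIRED_MODULE[expected] not in installed_modules(standalone_xml):
        findings.append(f"{REQUIRED_MODULE[expected]} missing from standalone.xml")
    return findings

# Constructed sample inputs (not taken from the thread).
WEB_XML_CHANGED = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <login-config><auth-method>KEYCLOAK</auth-method></login-config></web-app>"""
WEB_XML_ORIGINAL = WEB_XML_CHANGED.replace("KEYCLOAK<", "KEYCLOAK-SAML<")
OIDC_ONLY = """<server xmlns="urn:jboss:domain:4.2"><extensions>
  <extension module="org.keycloak.keycloak-adapter-subsystem"/>
</extensions></server>"""
BOTH = OIDC_ONLY.replace("</extensions>",
    '<extension module="org.keycloak.keycloak-saml-adapter-subsystem"/></extensions>')

if __name__ == "__main__":
    for finding in check(WEB_XML_CHANGED, OIDC_ONLY, "saml"):
        print("FINDING:", finding)
```

A missing SAML extension with an unchanged `web.xml` is the situation behind "Unknown authentication mechanism KEYCLOAK-SAML"; the remedy is installing the SAML adapter, not editing `auth-method`.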

