[keycloak-user] Identity Brokering, external IDP require nonce

Marek Posolda mposolda at redhat.com
Mon Mar 26 14:35:54 EDT 2018


You can even download the latest Keycloak 4.0.Beta. I think it should be 
there. No need to even build anything from sources :)

Marek

On 26/03/18 16:50, Jérôme Blanchard wrote:
> Hi triton,
> I have submitted a pull request that should fix that
> (https://github.com/keycloak/keycloak/pull/5082).
> Could you try with the latest sources and confirm that it works now?
> Thanks,
> Best regards, Jérôme.
>
> On Mon, 26 Mar 2018 at 15:40, triton oidc <triton.oidc at gmail.com> wrote:
>
>> Hi,
>>
>> in my scenario, I'm using Keycloak as an IDP broker.
>> It works fine with a lot of configuration.
>>
>> I built Keycloak from source 3 weeks ago.
>>
>> However, the IDP I'm trying to integrate right now requires a nonce in the
>> first call on the authorization endpoint.
>>
>>
>> https://myidp.com/authorize?scope=openid+profile&state=state&response_type=code&client_id=clientid&redirect_uri=redirect_uri
>> fails,
>> but if I manually add "&nonce=1234" in the URL it works.
>>
>> I could not find an option in the external IDP concerning this nonce
>> generation.
>> Did I miss something?
>> Should I ask for a feature and I'll wait for someone to look at it?
>>
>> Any help would be appreciated.
>>
>> Thanks a lot
>>
>> Amaury
>> _______________________________________________
>> keycloak-user mailing list
>> keycloak-user at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>
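
In OpenID Connect the `nonce` sent on the authorization request is meant to be a fresh random value per login that the client later compares with the `nonce` claim of the returned ID token; a fixed value such as `1234` satisfies the IdP's parameter check but gives no replay protection. The following Python illustration of the client side is an added example, not code from this thread or from Keycloak; the session dictionary, the function names and the `myidp.com` endpoint (taken from the URL quoted above) are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlencode

# Assumed endpoint, modelled on the URL quoted in the thread.
AUTHORIZE_ENDPOINT = "https://myidp.com/authorize"


def build_authorization_request(session, client_id, redirect_uri):
    """Return the authorization URL and store a fresh state/nonce in the session."""
    # state protects the redirect against CSRF; nonce binds the ID token to
    # this login attempt. Both must be unpredictable and single-use.
    session["oidc_state"] = secrets.token_urlsafe(32)
    session["oidc_nonce"] = secrets.token_urlsafe(32)
    params = {
        "scope": "openid profile",
        "state": session["oidc_state"],
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "nonce": session["oidc_nonce"],
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def _matches_once(session, key, received):
    """Pop the stored value (single use) and compare it in constant time."""
    expected = session.pop(key, None)
    if expected is None or not isinstance(received, str):
        return False
    return hmac.compare_digest(expected.encode(), received.encode())


def check_callback_state(session, returned_state):
    """Check the state echoed back on the redirect to the client."""
    return _matches_once(session, "oidc_state", returned_state)


def check_id_token_nonce(session, id_token_claims):
    """Check the nonce claim of an ID token whose signature is already verified."""
    return _matches_once(session, "oidc_nonce", id_token_claims.get("nonce"))
```

The nonce check only has meaning after the ID token's signature, issuer and audience have been validated; it is a further check, not a replacement for them.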



