[keycloak-user] keycloak 5.0 integration with FranceConnect (IDP provider) no longer working

Hans Zandbelt hans.zandbelt at zmartzone.eu
Mon Apr 15 03:16:44 EDT 2019 

France Connect IDP is not ignoring extra parameters in the token request as
the spec dictates; this has also proven to be a problem with other OIDC RPs

Hans.

On Mon, Apr 15, 2019 at 9:03 AM <keycloak-user-request at lists.jboss.org>
wrote:

>
> Hi Cedric,
>
> Please find attached my demo realm json file of KC 5.0.
> (client secret is strarred).
>
> TO add the idp provider, I select add user provider and select "keycloak
> openID provider".
> After this, I do select all teh fields manually.
>
>
> Regards,
>
> Olivier Rivat
>
>
>
>
> Le 15/04/2019 ? 08:18, cedric at couralet.eu a ?crit?:
> > Le Lundi, Avril 15, 2019 08:11 CEST, Olivier Rivat <orivat at janua.fr> a
> ?crit:
> >
> >> Hi Cedric,
> >>
> >> I am integrating? KC (SP)? to FranceConnect (IDP) dierctly out of the
> box.
> >> I haven't written any KC code module extension and FranceConnect is
> >> configured as an IDP for KC.
> >>
> > Could you share your Idp configuration (minus the secrets) ?
> > Did you choose "keycloak OpenId Connect" or "OpenId Connect v1.0". How
> did you test from one version to another (export/import, manual conf,
> upgrade?)
> >
> > C?dric,
> >
> >
> >> FranceConnect Integration is working fine with KC 4.81, but it is
> >> failing with KC 5.00.
> >> Only diff I noticed is that internally there is this
> >> client_session_state flag added with KC 5.0.
> >> This is what makes the integration failing
> >>
> >> Regards,
> >>
> >> Olivier Rivat
> >>
> --
>
>
> <http://www.janua.fr/images/logo-big-sans.png><
> http://www.janua.fr/images/LogoSignature.gif>
>
>         <http://www.janua.fr/images/6g_top.gif>
>
> Olivier Rivat
> CTO
> orivat at janua.fr <mailto:dchikhaoui at janua.fr>
> Gsm: +33(0)682 801 609
> T?l: +33(0)489 829 238
> Fax: +33(0)955 260 370
> http://www.janua.fr <http://www.janua.fr/>
>         <http://www.janua.fr/images/6g_top.gif>
>
>
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: KC_5.0_export.json
> Type: application/json
> Size: 38894 bytes
> Desc: not available
> Url :
> http://lists.jboss.org/pipermail/keycloak-user/attachments/20190415/666e0756/attachment.bin
>
> ------------------------------
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>
> End of keycloak-user Digest, Vol 64, Issue 41
> *********************************************
>


-- 
hans.zandbelt at zmartzone.eu
ZmartZone IAM - www.zmartzone.eu

More information about the keycloak-user mailing list