[keycloak-user] keycloak 5.0 integration with FranceConnect (IDP provider) no longer working

Cédric Couralet cedric at couralet.eu
Mon Apr 15 03:18:18 EDT 2019


Le 2019-04-15 08:58, Olivier Rivat a écrit :
> Hi Cedric,
> 
> Please find attached my demo realm json file of KC 5.0.
> (client secret is strarred).
> 
> TO add the idp provider, I select add user provider and select
> "keycloak openID provider".
> After this, I do select all teh fields manually.
> 

You are using the "Keycloak OpenId Connect" provider which, I think, 
should only be used between two keycloak instances. With France Connect, 
you want to use the "OpenId connect v1.0" provider which will not add 
the Client_Session_State Parameter.

As I said in my first message, you can also try our extension 
https://github.com/InseeFr/Keycloak-FranceConnect which is already 
tested with keycloak 5.0.0.

Cédric

> Regards,
> 
> Olivier Rivat
> 
> Le 15/04/2019 à 08:18, cedric at couralet.eu a écrit :
> 
>> Le Lundi, Avril 15, 2019 08:11 CEST, Olivier Rivat <orivat at janua.fr>
>> a écrit:
>> 
>>> Hi Cedric,
>>> 
>>> I am integrating  KC (SP)  to FranceConnect (IDP) dierctly out of
>>> the box.
>>> I haven't written any KC code module extension and FranceConnect
>>> is
>>> configured as an IDP for KC.
>> 
>> Could you share your Idp configuration (minus the secrets) ?
>> Did you choose "keycloak OpenId Connect" or "OpenId Connect v1.0".
>> How did you test from one version to another (export/import, manual
>> conf, upgrade?)
>> 
>> Cédric,
>> 
>>> FranceConnect Integration is working fine with KC 4.81, but it is
>>> failing with KC 5.00.
>>> Only diff I noticed is that internally there is this
>>> client_session_state flag added with KC 5.0.
>>> This is what makes the integration failing
>>> 
>>> Regards,
>>> 
>>> Olivier Rivat
> 
> --
> 
>  [1] [2] [3]
> 
> Olivier Rivat
> CTO
>  orivat at janua.fr
>  Gsm:  +33(0)682 801 609
> Tél:    +33(0)489 829 238
> Fax:   +33(0)955 260 370
>  http://www.janua.fr [4]
>  		 [3]
> 
> 
> 
> Links:
> ------
> [1] http://www.janua.fr/images/logo-big-sans.png
> [2] http://www.janua.fr/images/LogoSignature.gif
> [3] http://www.janua.fr/images/6g_top.gif
> [4] http://www.janua.fr/


More information about the keycloak-user mailing list