[keycloak-user] keycloak 5.0 integration with FranceConnect (IDP provider) no longer working
Cédric Couralet
cedric at couralet.eu
Mon Apr 15 03:18:18 EDT 2019
Le 2019-04-15 08:58, Olivier Rivat a écrit :
> Hi Cedric,
>
> Please find attached my demo realm json file of KC 5.0.
> (client secret is strarred).
>
> TO add the idp provider, I select add user provider and select
> "keycloak openID provider".
> After this, I do select all teh fields manually.
>
You are using the "Keycloak OpenId Connect" provider which, I think,
should only be used between two keycloak instances. With France Connect,
you want to use the "OpenId connect v1.0" provider which will not add
the Client_Session_State Parameter.
As I said in my first message, you can also try our extension
https://github.com/InseeFr/Keycloak-FranceConnect which is already
tested with keycloak 5.0.0.
Cédric
> Regards,
>
> Olivier Rivat
>
> Le 15/04/2019 à 08:18, cedric at couralet.eu a écrit :
>
>> Le Lundi, Avril 15, 2019 08:11 CEST, Olivier Rivat <orivat at janua.fr>
>> a écrit:
>>
>>> Hi Cedric,
>>>
>>> I am integrating KC (SP) to FranceConnect (IDP) dierctly out of
>>> the box.
>>> I haven't written any KC code module extension and FranceConnect
>>> is
>>> configured as an IDP for KC.
>>
>> Could you share your Idp configuration (minus the secrets) ?
>> Did you choose "keycloak OpenId Connect" or "OpenId Connect v1.0".
>> How did you test from one version to another (export/import, manual
>> conf, upgrade?)
>>
>> Cédric,
>>
>>> FranceConnect Integration is working fine with KC 4.81, but it is
>>> failing with KC 5.00.
>>> Only diff I noticed is that internally there is this
>>> client_session_state flag added with KC 5.0.
>>> This is what makes the integration failing
>>>
>>> Regards,
>>>
>>> Olivier Rivat
>
> --
>
> [1] [2] [3]
>
> Olivier Rivat
> CTO
> orivat at janua.fr
> Gsm: +33(0)682 801 609
> Tél: +33(0)489 829 238
> Fax: +33(0)955 260 370
> http://www.janua.fr [4]
> [3]
>
>
>
> Links:
> ------
> [1] http://www.janua.fr/images/logo-big-sans.png
> [2] http://www.janua.fr/images/LogoSignature.gif
> [3] http://www.janua.fr/images/6g_top.gif
> [4] http://www.janua.fr/
More information about the keycloak-user
mailing list