Browserless IdP-initiated SAML login

Dear users

I am trying to configure a SAML service provider with Keycloak as the identity provider.

The service provider has an AWS-like setup, but it’s not AWS. One of the similarities here is how it issues temporary keys for accessing its resources. One way to obtain these keys is by giving it a SAMLResponse token / value from a SAML IdP, which is why I am trying to get this from Keycloak.

One use case we have is to access the service provider via the command line (that is, browserless). I have come to understand that for SAML, one can use the ECP (enhanced client or proxy) profile to do such browserless authentication.

The thing is, the service provider actually does not have a page where one can log in with SAML. It just has a REST endpoint where users are expected to supply a SAML response token. I am not sure how to do this, or if this is even possible.

My investigation has led me to believe that the ECP flow, if it can be initiated from the IdP, is the way to go here. But I am not sure.

Is this the way to go? If so, how can I configure such a flow with Keycloak (i.e. which URLs should I hit and what are the headers and/or parameters that I should send)?
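One way to script a browserless IdP-initiated exchange of the kind discussed above, added here as an example and not taken from the original post or from Keycloak's own code: it drives Keycloak's IdP-initiated SSO endpoint (`/realms/<realm>/protocol/saml/clients/<name>`, where `<name>` is the SAML client's "IDP Initiated SSO URL Name" setting) with the standard-library `urllib`, parses the username/password form, then parses the auto-submitting form that carries the Base64 SAMLResponse, and sanity-checks the decoded Response before it is POSTed to the SP's REST endpoint. It uses a scripted password login against that endpoint rather than the ECP profile. The host `kc.example.com`, realm `demo`, client name `mysp`, the SP endpoint `https://sp.example.com/v1/saml/token` and the embedded HTML/XML samples are constructed assumptions, and the function and field names are mine.

```python
import base64
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET
from html.parser import HTMLParser

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

def idp_initiated_url(keycloak_base, realm, sso_url_name):
    """Keycloak's IdP-initiated SSO endpoint for the client whose 'IDP Initiated SSO URL Name'
    is sso_url_name (older deployments prefix the path with /auth)."""
    return f"{keycloak_base.rstrip('/')}/realms/{realm}/protocol/saml/clients/{sso_url_name}"

class _FormParser(HTMLParser):
    """Collect every <form> on a page with its action and its named <input> fields."""
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # HTMLParser has already unescaped &amp; etc. in attribute values
        if tag == "form":
            self._cur = {"action": a.get("action") or "", "fields": {}}
            self.forms.append(self._cur)
        elif tag == "input" and self._cur is not None and a.get("name"):
            self._cur["fields"][a["name"]] = a.get("value") or ""
    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def parse_forms(html):
    parser = _FormParser()
    parser.feed(html)
    return parser.forms

def find_login_form(html):
    """Keycloak's username/password page posts to .../login-actions/authenticate."""
    for form in parse_forms(html):
        if "login-actions/authenticate" in form["action"]:
            return form
    raise ValueError("no Keycloak login form on page")

def extract_saml_response(html):
    """Keycloak answers a successful login with an auto-submitting form aimed at the SP's ACS URL;
    return (acs_url, base64 SAMLResponse, RelayState or None)."""
    for form in parse_forms(html):
        if "SAMLResponse" in form["fields"]:
            return form["action"], form["fields"]["SAMLResponse"], form["fields"].get("RelayState")
    raise ValueError("no SAMLResponse form on page (login failed or an extra step is required?)")

def inspect_response(b64, expected_issuer, expected_audience):
    """Client-side sanity check of the decoded Response before handing it to the SP. It only notes
    whether a Signature element exists; verifying the signature is the SP's job."""
    root = ET.fromstring(base64.b64decode(b64))
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError(f"not a samlp:Response: {root.tag}")
    code = root.find(f"{{{SAMLP}}}Status/{{{SAMLP}}}StatusCode")
    info = {
        "success": code is not None and code.get("Value") == STATUS_SUCCESS,
        "issuer": root.findtext(f"{{{SAML}}}Issuer"),
        "destination": root.get("Destination"),      # should be the SP endpoint you POST to
        "in_response_to": root.get("InResponseTo"),  # None: unsolicited (IdP-initiated) response
        "name_id": root.findtext(f".//{{{SAML}}}Subject/{{{SAML}}}NameID"),
        "audience": root.findtext(f".//{{{SAML}}}AudienceRestriction/{{{SAML}}}Audience"),
        "signed": root.find(f".//{{{DSIG}}}Signature") is not None,
    }
    checks = {
        "status is not Success": not info["success"],
        "unexpected issuer": info["issuer"] != expected_issuer,
        "unexpected audience": info["audience"] != expected_audience,
        "no ds:Signature element": not info["signed"],
    }
    info["problems"] = [msg for msg, bad in checks.items() if bad]
    return info

def fetch_saml_response(start_url, username, password):
    """Live flow (needs a reachable Keycloak; not exercised offline): GET the IdP-initiated URL,
    post the credentials to the login form with a cookie jar, parse the reply."""
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor())
    form = find_login_form(opener.open(start_url).read().decode())
    data = dict(form["fields"], username=username, password=password)
    post_url = urllib.parse.urljoin(start_url, form["action"])
    req = urllib.request.Request(post_url, data=urllib.parse.urlencode(data).encode())
    return extract_saml_response(opener.open(req).read().decode())

# Constructed samples shaped like Keycloak's login page and auto-POST page, not real captures.
SAMPLE_LOGIN_HTML = """<form id="kc-form-login" method="post" action="https://kc.example.com/realms/demo/login-actions/authenticate?session_code=abc&amp;execution=xyz&amp;client_id=mysp&amp;tab_id=t1">
<input id="username" name="username" type="text"/><input id="password" name="password" type="password"/>
<input name="credentialId" type="hidden" value=""/></form>"""
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ID_r1" Version="2.0"
 IssueInstant="2024-01-01T00:00:00Z" Destination="https://sp.example.com/v1/saml/token">
 <saml:Issuer>https://kc.example.com/realms/demo</saml:Issuer>
 <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
 <saml:Assertion ID="ID_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://kc.example.com/realms/demo</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
  <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>https://sp.example.com</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode()
SAMPLE_POST_HTML = f"""<html><body onload="document.forms[0].submit()"><form method="post" action="https://sp.example.com/v1/saml/token">
<input type="hidden" name="SAMLResponse" value="{SAMPLE_B64}"/>
<input type="hidden" name="RelayState" value="cli"/></form></body></html>"""
```

An IdP-initiated Response is unsolicited: it carries no InResponseTo and is addressed to whatever ACS URL is configured for the Keycloak client, so the SP's REST endpoint must be that ACS URL and must accept unsolicited responses. `inspect_response` checks only shape, status, issuer, audience and the presence of a Signature element; signature verification, the Conditions window, the SubjectConfirmation Recipient and replay protection remain the SP's responsibility. The script handles the plain username/password form only; if the realm requires OTP or another step, `extract_saml_response` raises because no SAMLResponse form comes back.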