Configuring Oracle IDCS as Identity Provider

Hello Team,

I am trying to configure Oracle IDCS as a third-party identity provider using the SAML protocol.

I have successfully entered the third-party identity provider configuration for Oracle IDCS in Keycloak, extracted the Service Provider details from Keycloak, and configured the SAML application in Oracle IDCS with them.

I am also able to see Oracle IDCS as an alternate login option when I try to log in to my application. The issue happens when I click the "login with IDCS" option: I get redirected to an IDCS page with an error (instead of the IDCS login page). I raised an Oracle SR to look for any issue with the Oracle IDCS SAML application configuration; Oracle analyzed the transaction and replied that it is an issue in the Keycloak configuration.
It will be really helpful if it is an issue in the Keycloak configuration.

Response from Oracle IDCS

The Assertion Consumer URL: https:///auth/realms/keycloak-demo/broker/Oracle%20IDCS%20saml/endpoint (encoded form). When we decoded it, in place of the % encoding we found a space, but we believe the space is not an issue.

The error message we got: {"errors":[{"code":"SAML-1000", "originalError": "error.samlsrv.idp.sso.ACSURLNotValidated"}]}
Cause: that would happen if we receive an unsigned AuthnRequest that specifies an ACS URL that isn't in the config/metadata.
Indeed, the ACS is incorrect in the SAML Request.

End result: the assertion consumer URL is incorrect in the SAML Request.

Hence the SAML request is created by the SP, since this is an SP-initiated flow. So you need to check with the SP (Keycloak) for this.
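Since Oracle's analysis says the IdP rejects an unsigned AuthnRequest whose AssertionConsumerServiceURL is not among the registered ACS URLs, the practical next step is to look at exactly what Keycloak puts in the request and compare it byte-for-byte with what was registered in IDCS. The script below is an added example written for this thread; it is not code from Keycloak or Oracle IDCS. It decodes the SAMLRequest parameter of the HTTP-Redirect URL Keycloak sends the browser to (base64 over raw DEFLATE), pulls out the ACS URL, reports whether the request carries a signature (a Signature query parameter or an embedded ds:Signature), and then checks the ACS URL against a list of registered URLs, distinguishing an exact match from one that only holds after percent-decoding the path (the "%20" versus space difference mentioned above). The host "sso.example.com", the IDCS SSO URL, and the request IDs are assumptions used only to construct the sample request; the ACS path is the one from the post.

```python
"""Decode a Keycloak SAML AuthnRequest from a redirect URL and check its ACS URL.

Added example for this thread; not code from Keycloak or Oracle IDCS.
"""
import base64
import urllib.parse
import zlib
import xml.etree.ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: an unsigned AuthnRequest shaped like the one Keycloak's
# SAML broker sends.  The host, IDCS URL and ID are assumptions for the demo;
# the ACS path is the one from the post (alias "Oracle IDCS saml" -> %20).
SAMPLE_ACS = ("https://sso.example.com/auth/realms/keycloak-demo/"
              "broker/Oracle%20IDCS%20saml/endpoint")
IDP_SSO_URL = "https://idcs.example.com/fed/v1/idp/sso"  # assumed
SAMPLE_AUTHN_REQUEST = f"""<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}" xmlns:saml="{SAML_NS}"
    ID="ID_example-1" Version="2.0" IssueInstant="2021-01-01T00:00:00Z"
    Destination="{IDP_SSO_URL}"
    AssertionConsumerServiceURL="{SAMPLE_ACS}"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
  <saml:Issuer>https://sso.example.com/auth/realms/keycloak-demo</saml:Issuer>
</samlp:AuthnRequest>"""


def encode_redirect_request(xml_text: str) -> str:
    """HTTP-Redirect binding encoding: raw DEFLATE (no zlib header), then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return base64.b64encode(deflated).decode("ascii")


def decode_redirect_request(saml_request_param: str) -> str:
    """Reverse of encode_redirect_request: base64 -> raw INFLATE -> XML text."""
    raw = base64.b64decode(saml_request_param)
    return zlib.decompress(raw, -15).decode("utf-8")


def build_sample_redirect() -> str:
    """The URL Keycloak would redirect the browser to for the constructed request."""
    params = {"SAMLRequest": encode_redirect_request(SAMPLE_AUTHN_REQUEST),
              "RelayState": "demo"}
    return IDP_SSO_URL + "?" + urllib.parse.urlencode(params)


def acs_url_from_redirect(redirect_url: str) -> dict:
    """Extract the ACS URL from the SAMLRequest in a redirect URL and report
    whether the request is signed (Signature query parameter for the Redirect
    binding, or an embedded ds:Signature element)."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(redirect_url).query)
    root = ET.fromstring(decode_redirect_request(query["SAMLRequest"][0]))
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        raise ValueError(f"not an AuthnRequest: {root.tag}")
    signed = "Signature" in query or root.find(f"{{{DS_NS}}}Signature") is not None
    return {"acs_url": root.get("AssertionConsumerServiceURL"), "signed": signed}


def canonical(url: str) -> str:
    """Lenient comparison form: scheme and host lower-cased, path percent-decoded
    and re-encoded exactly once, so '%20' and a literal space compare equal."""
    p = urllib.parse.urlsplit(url.strip())
    path = urllib.parse.quote(urllib.parse.unquote(p.path), safe="/")
    return urllib.parse.urlunsplit((p.scheme.lower(), p.netloc.lower(), path, p.query, ""))


def validate_acs(acs_url: str, registered) -> str:
    """'exact' if the request's ACS URL is byte-identical to a registered one,
    'normalized' if it matches only after canonical(), 'no_match' otherwise.
    A strict IdP that compares strings will reject the 'normalized' case."""
    if acs_url in registered:
        return "exact"
    if canonical(acs_url) in {canonical(r) for r in registered}:
        return "normalized"
    return "no_match"


if __name__ == "__main__":
    info = acs_url_from_redirect(build_sample_redirect())
    print("ACS URL in AuthnRequest:", info["acs_url"], "| signed:", info["signed"])
    for registered in (SAMPLE_ACS,
                       SAMPLE_ACS.replace("%20", " "),
                       "https://sso.example.com/auth/realms/keycloak-demo/broker/idcs/endpoint"):
        print(f"{validate_acs(info['acs_url'], [registered]):>10}  <-  registered: {registered}")
```

To use it on a real failure, copy the full URL of the redirect to IDCS from the browser's network tab and pass it to acs_url_from_redirect; then put the ACS URL exactly as entered in the IDCS SAML application into the registered list. If the result is "normalized" rather than "exact", the two sides differ only in encoding of the space, which is worth raising with the SR even though Oracle considered the space harmless; if it is "no_match", the registered URL and the one Keycloak sends differ outright.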