NOTE: Due to restrictions in the number of links in a post, I have changed some values in the configuration. Things like “http_localhost” should be read as “http://localhost”.
I am new to SAML & Keycloak. I have already configured an OpenId SP; now I want to configure a SAML SP.
I have the Docker server from Quay, which is listening at localhost:9080.
I have a brand new WildFly 14.0.1.Final server; I have installed all the components of the keycloak-saml-wildfly-adapter-dist-11.0.2.zip. The server is listening at localhost:8080.
At the docker server, I have created a HelloworldRealm, and in it I have created a helloworldsaml client, with the following configuration
In my WildFly standalone.xml, I have configured:
<subsystem xmlns="urn:jboss:domain:keycloak-saml:1.3">
    <secure-deployment name="helloworld.war">
        <SP entityID="helloworldsaml" sslPolicy="NONE" logoutPage="https_www.disney.com">
            <IDP entityID="idp"
                 signatureAlgorithm="RSA_SHA256"
                 signatureCanonicalizationMethod="http_www.w3.org/2001/10/xml-exc-c14n#">
                <SingleSignOnService signRequest="false"
                                     validateResponseSignature="true"
                                     validateAssertionSignature="false"
                                     requestBinding="POST"
                                     bindingUrl="http_localhost:9080/auth/realms/helloworldRealm/protocol/saml"/>
                <SingleLogoutService signRequest="false"
                                     signResponse="false"
                                     validateRequestSignature="true"
                                     validateResponseSignature="true"
                                     requestBinding="POST"
                                     responseBinding="POST"
                                     postBindingUrl="http_localhost:9080/auth/realms/helloworldRealm/protocol/saml"
                                     redirectBindingUrl="http_localhost:9080/auth/realms/helloworldRealm/protocol/saml"/>
            </IDP>
        </SP>
    </secure-deployment>
</subsystem>
In the helloworld.war, I have just changed the login-config:
<login-config>
    <auth-method>KEYCLOAK-SAML</auth-method>
    <realm-name>HelloworldRealm</realm-name>
</login-config>
<security-role>
    <role-name>rol</role-name>
</security-role>
When I access http_localhost/helloworld, I get redirected to http_localhost:9080/auth/realms/helloworldRealm/protocol/saml, but I get a “We are sorry → Invalid Redirect” page, and the Keycloak server log shows the following line:
11:31:02,403 WARN [org.keycloak.events] (default task-21) type=LOGIN_ERROR, realmId=helloworldRealm, clientId=null, userId=null, ipAddress=172.17.0.1, error=invalid_redirect_uri
What am I doing wrong?
Thanks in advance
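Added here as an illustration (not the original poster's code, nor Keycloak's or the adapter's own): a small Python check that mirrors how Keycloak compares a SAML AuthnRequest's AssertionConsumerServiceURL with the client's Valid Redirect URIs, which is the comparison behind error=invalid_redirect_uri. It assumes exact-or-trailing-wildcard matching and that the WildFly SAML adapter sends <request base URL>/<context>/saml as the ACS URL; the client redirect URIs and the accessed URL are constructed sample values.

```python
"""Offline check for Keycloak's invalid_redirect_uri on a SAML login.

Added example, not code from the post or from Keycloak. Assumptions:
 - Keycloak accepts a redirect URI that equals a configured entry, or,
   for an entry ending in '*', starts with the text before the '*'.
 - The keycloak-saml WildFly adapter sends <scheme>://<host[:port]>/
   <context>/saml as the AssertionConsumerServiceURL.
"""
from urllib.parse import urlsplit


def acs_url(accessed_url: str, context_path: str) -> str:
    """ACS URL the adapter would place in the AuthnRequest (assumed layout)."""
    parts = urlsplit(accessed_url)
    return f"{parts.scheme}://{parts.netloc}/{context_path.strip('/')}/saml"


def redirect_allowed(uri: str, valid_redirect_uris: list) -> bool:
    """Mirror Keycloak's Valid Redirect URI matching: exact or trailing '*'."""
    for pattern in valid_redirect_uris:
        if pattern.endswith("*"):
            if uri.startswith(pattern[:-1]):
                return True
        elif uri == pattern:
            return True
    return False


def diagnose(accessed_url: str, context_path: str, valid_redirect_uris: list) -> list:
    """Return human-readable findings; an empty list means the login passes."""
    uri = acs_url(accessed_url, context_path)
    if redirect_allowed(uri, valid_redirect_uris):
        return []
    findings = [f"ACS URL {uri} matches none of {valid_redirect_uris}"]
    sent = urlsplit(uri)
    for pattern in valid_redirect_uris:
        want = urlsplit(pattern)
        if want.scheme != sent.scheme:
            findings.append(f"scheme differs: SP sends {sent.scheme}, client allows {want.scheme}")
        if want.netloc != sent.netloc:
            findings.append(f"host/port differ: SP sends {sent.netloc}, client allows {want.netloc}")
    return findings


# Constructed sample: the app is opened on http://localhost/helloworld while
# the client registration only allows the WildFly port 8080.
CLIENT_REDIRECTS = ["http://localhost:8080/helloworld/*"]

if __name__ == "__main__":
    for line in diagnose("http://localhost/helloworld", "helloworld", CLIENT_REDIRECTS):
        print(line)
```

Run it with the URL you actually open in the browser and the Valid Redirect URIs from the Keycloak client; any finding it prints is a mismatch Keycloak would reject before the realm or client name is even checked further.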