Configuring SAML server + wildfly adapter

NOTE: Due to restrictions in the number of links in a post, I have changed some values in the configuration. Things like “http_localhost” should be read as “http://localhost”.

I am new to SAML & Keycloak. I have already configured an OpenId SP; now I want to configure a SAML SP.

I have the Docker server from Quay, which is listening at localhost:9080.

I have a brand new WildFly 14.0.1.Final server, and I have installed all the components of the keycloak-saml-wildfly-adapter-dist-11.0.2.zip. The server is listening at localhost:8080.

At the docker server, I have created a HelloworldRealm, and in it I have created a helloworldsaml client, with the following configuration

At my wildfly standalone.xml, I have configured:

  <subsystem xmlns="urn:jboss:domain:keycloak-saml:1.3">
  	<secure-deployment name="helloworld.war">
  		<SP entityID="helloworldsaml"
  			sslPolicy="NONE"
  			logoutPage="https_www.disney.com">
  			<IDP entityID="idp"
  				signatureAlgorithm="RSA_SHA256"
  				signatureCanonicalizationMethod="http_www.w3.org/2001/10/xml-exc-c14n#">
  				<SingleSignOnService signRequest="false"
  					validateResponseSignature="true"
  					validateAssertionSignature="false"
  					requestBinding="POST"
  					bindingUrl="http_localhost:9080/auth/realms/helloworldRealm/protocol/saml"/>
  				<SingleLogoutService signRequest="false"
  					signResponse="false"
  					validateRequestSignature="true"
  					validateResponseSignature="true"
  					requestBinding="POST"
  					responseBinding="POST"
  					postBindingUrl="http_localhost:9080/auth/realms/helloworldRealm/protocol/saml"
  					redirectBindingUrl="http_localhost:9080/auth/realms/helloworldRealm/protocol/saml"/>
  			</IDP>
  		</SP>
  	</secure-deployment>
  </subsystem>

At the helloworld.war, I have just changed the login-config:

<login-config>
  <auth-method>KEYCLOAK-SAML</auth-method>
  <realm-name>HelloworldRealm</realm-name>
</login-config>
<security-role>
  <role-name>rol</role-name>
</security-role>

When I access http_localhost/helloworld, I get redirected to http_localhost:9080/auth/realms/helloworldRealm/protocol/saml, but I get a “We are sorry → Invalid Redirect”. The Keycloak server log shows the following line:

11:31:02,403 WARN [org.keycloak.events] (default task-21) type=LOGIN_ERROR, realmId=helloworldRealm, clientId=null, userId=null, ipAddress=172.17.0.1, error=invalid_redirect_uri

What am I doing wrong?

Thanks in advance
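
Added example (not part of the original post, and not Keycloak's own code): a small audit of the `keycloak-saml` subsystem settings shown above, reporting where TLS is not enforced and whether any IdP signature is validated. `SAMPLE` is a constructed copy of the post's SSO settings with the `http://` scheme restored. The names `audit` and `flag` are hypothetical, and the attribute defaults (`sslPolicy` = EXTERNAL, signature flags following `signaturesRequired`) are assumed from the adapter documentation.

```python
import xml.etree.ElementTree as ET

NS = {"k": "urn:jboss:domain:keycloak-saml:1.3"}
URL_ATTRS = ("bindingUrl", "postBindingUrl", "redirectBindingUrl")

# Constructed sample: the post's SSO settings, with the real "http://" scheme restored.
SAMPLE = """\
<subsystem xmlns="urn:jboss:domain:keycloak-saml:1.3">
  <secure-deployment name="helloworld.war">
    <SP entityID="helloworldsaml" sslPolicy="NONE">
      <IDP entityID="idp">
        <SingleSignOnService signRequest="false"
          validateResponseSignature="true" validateAssertionSignature="false"
          requestBinding="POST"
          bindingUrl="http://localhost:9080/auth/realms/helloworldRealm/protocol/saml"/>
      </IDP>
    </SP>
  </secure-deployment>
</subsystem>"""


def flag(elem, attr, default="false"):
    """Read a boolean adapter attribute, falling back to the given default."""
    return elem.get(attr, default).lower() == "true"


def audit(xml_text):
    """Return (deployment, setting, reason) tuples for settings worth reviewing."""
    findings = []
    for dep in ET.fromstring(xml_text).findall("k:secure-deployment", NS):
        name = dep.get("name", "?")
        for sp in dep.findall("k:SP", NS):
            # Assumed default when the attribute is absent: EXTERNAL.
            if sp.get("sslPolicy", "EXTERNAL").upper() == "NONE":
                findings.append((name, "sslPolicy", "HTTPS is not required for any client"))
            for idp in sp.findall("k:IDP", NS):
                required = idp.get("signaturesRequired", "false")
                sso = idp.find("k:SingleSignOnService", NS)
                # One validated signature (response or assertion) is enough here.
                if sso is not None and not (
                    flag(sso, "validateResponseSignature", required)
                    or flag(sso, "validateAssertionSignature", required)
                ):
                    findings.append((name, "SingleSignOnService", "no IdP signature is validated"))
                for svc in idp:  # SingleSignOnService and SingleLogoutService
                    for attr in URL_ATTRS:
                        if svc.get(attr, "").lower().startswith("http://"):
                            findings.append((name, attr, "IdP endpoint is reached without TLS"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```
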