I have spring-boot application integrated with keycloak saml using spring saml extension.
I am able to authenticate successfully using SP-initiated authentication.
I want to know how to configure IDP initiated login.
I have also asked the help from stackoverflow :spring boot - How to perform IDP initated login in keycloak saml - Stack Overflow
Im using keycloak v16.1.1
My custom spring-boot application can generate the SP metadata.xml. Please help.
Regards,
Manjosh Ramesh
This post is somewhat old, but I have used it as a guide when implementing IdP initiated login. The example is specific to Okta SAML, but it shouldn’t be too hard to adapt it to other IdP types: https://www.lisenet.com/2020/keycloak-with-okta-idp-initiated-sso-login/
The Keycloak docs are here, but I’ve found them fairly hard to follow: keycloak-documentation/idp-initiated-login.adoc at main · keycloak/keycloak-documentation · GitHub
From the SP metadata.xml, I copied the AssertionConsumerService binding URL and added it to the Assertion Consumer Service Post Binding URL in the fine grain saml endpoint configuration section in keycloak.
Also, add the IDP-initiated SSO URL name. It displayed a target URL and when calling this URL, I’m able to do IDP initiated login.
I hope this is it. Will post if I find any issues.
FYI, there’s also a thread going right now on the mailing list on this subject:
https://groups.google.com/g/keycloak-user/c/s_sVxPGLhCs