How to set SAML endpoint configuration via REST API?

Hi. I’m running an Apache Reverse Proxy + Mellon from a Docker container with Keycloak and Camunda also inside their own containers on the same host. I’ve been trying to automate configuration of Keycloak from Mellon to register the Proxy as a Realm Client.

It’s all looking awesome, except Mellon will constantly redirect browser login requests to Keycloak using the internal Docker container hostname, not the external URL that Keycloak can be accessed from.

So I’ve been trying to configure the Realm Client “Master SAML Processing URL” and/or the various “Fine Grain SAML Endpoint Configuration” settings via the Keycloak REST API.

Can someone provide a pointer? I can’t find how to configure this after digging through the REST API docs. Thanks!

Update the client config in the Keycloak UI and inspect the UI API requests in the browser console. You will find that Master SAML Processing URL = adminUrl attribute in the ClientRepresentation.

A client update is a simple PUT request: https://www.keycloak.org/docs-api/9.0/rest-api/index.html#_clients_resource

It is not clear what you want to configure. /auth/realms/myrealm/protocol/saml/descriptor is REALM related, so you really can’t change it from CLIENT configuration. You are mixing problems. Please provide simple input: what is wrong and what is the expected result.

1 Like
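The client update described in the answer above, as an added Python sketch that is not part of the original posts. It assumes the `/auth` base path seen in the thread and an admin user who can use the built-in `admin-cli` client; the function names and the `send` parameter (which lets the HTTP call be swapped out) are hypothetical.

```python
import json
import urllib.parse
from urllib.request import Request, urlopen


def _call(req, send):
    # Send one request and decode a JSON body if there is one (PUT returns none).
    with send(req) as resp:
        body = resp.read()
    return json.loads(body) if body else None


def admin_token(base, user, password, send=urlopen):
    # Password grant against the built-in admin-cli client of the master realm.
    form = urllib.parse.urlencode({
        "grant_type": "password", "client_id": "admin-cli",
        "username": user, "password": password,
    }).encode()
    url = f"{base}/realms/master/protocol/openid-connect/token"
    return _call(Request(url, data=form, method="POST"), send)["access_token"]


def set_master_saml_url(base, realm, client_id, saml_url, token, send=urlopen):
    hdr = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    clients = f"{base}/admin/realms/{realm}/clients"
    # Look the client up by its clientId (for a SAML client, the SP entity ID).
    query = urllib.parse.urlencode({"clientId": client_id})
    found = _call(Request(f"{clients}?{query}", headers=hdr), send)
    if len(found) != 1:
        raise LookupError(f"expected one client {client_id!r}, got {len(found)}")
    rep = found[0]
    # Master SAML Processing URL is the adminUrl field of ClientRepresentation.
    rep["adminUrl"] = saml_url
    # PUT the whole representation back under the client's internal id.
    put = Request(f"{clients}/{rep['id']}", data=json.dumps(rep).encode(),
                  headers=hdr, method="PUT")
    _call(put, send)
    return rep
```

Sending the full representation back, rather than only the changed field, keeps the other client settings from the GET intact in the PUT body.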

Ah yes. It’s the realm frontend URL that I’m looking to set. When I pull the SAML descriptor it’s now set and Mellon will direct browsers to the URL that can access my Keycloak container. Thanks.

Use the same Keycloak domain/URL everywhere (in the user browser, in the container, …). Otherwise you will have these kinds of problems and you will need to hack it. No idea how you can hardcode the frontend domain in Keycloak.

But it is not only about the URL. You may also have a problem with iss (issuer) claim name validation in the token.