I am setting up Keycloak as an identity broker (SAML 2.0). I received the metadata.xml from the IDP and was able to import it successfully in Keycloak under the section ‘Identity Provider’. If a user wants to log in, Keycloak offers a link to the external IDP. And the user is able to offer the credentials with this external IDP.
This IDP uses HTTP-Artifact binding. So it sends a reply back to Keycloak containing a SAML artifact (and a RelayState).
From what I understand, Keycloak should redirect this SAML artifact to the ‘Artifact resolution service’ of the IDP.
Is this even possible in Keycloak? Can Keycloak resolve SAML artifacts? I know I can create a ‘Client’ in Keycloak that supports artifact binding. But I am not sure if this is the correct way. Or how I can link this ‘Client’ to the Identity Provider created in Keycloak.
I hope I made myself clear. And thanks in advance for your help.
And if you look at step 7: this is where I am first receiving a SAML artifact. It is sent to the ‘Redirect Uri’ that I have configured in the Identity Provider section of Keycloak.
And I need to redirect this SAML artifact to the IDP artifact resolution service URL. And after that I will receive an ‘Authentication Response’.
And it seems that Keycloak doesn't know what to do with this SAML artifact.
I don't come that far. For the moment I don't have any attributes mapped. I believe that's in the final step, when I receive actual data from the IDP. Or should I map attributes that tell Keycloak what to do with the artifact?
It seems, I believe, that Keycloak cannot ‘read’ the SAML artifact. And because of that it doesn't have a clientID etc.
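The exchange described in this thread (the IdP delivers a SAMLart value to the broker's endpoint, the broker sends a SOAP ArtifactResolve to the IdP's ArtifactResolutionService, and the IdP answers with an ArtifactResponse that wraps the actual authentication Response) as an added Python example. It is not part of this thread and not Keycloak's own code. The entity IDs, the 20-byte message handle and the IdP's reply are constructed so it runs offline; the signing of the ArtifactResolve, the TLS/SOAP transport and the XML-signature verification of the returned Response are assumptions left out of the code, and a real SP must do all three.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from dataclasses import dataclass

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
ARTIFACT_TYPE_CODE = 0x0004  # the one artifact format defined by SAML 2.0 Bindings
# Hypothetical entity IDs; in practice both come from the exchanged metadata.
IDP_ENTITY_ID = "https://idp.example.org/saml/metadata"
SP_ENTITY_ID = "https://keycloak.example.com/realms/demo"

@dataclass
class Artifact:
    endpoint_index: int
    source_id: bytes       # SHA-1 of the issuing IdP's entityID
    message_handle: bytes  # opaque handle the IdP uses to look up the stored Response

def encode_artifact(endpoint_index: int, idp_entity_id: str, handle: bytes) -> str:
    """Build a type-4 artifact the way an IdP does; used here only to construct input."""
    raw = (ARTIFACT_TYPE_CODE.to_bytes(2, "big") + endpoint_index.to_bytes(2, "big")
           + hashlib.sha1(idp_entity_id.encode()).digest() + handle)
    return base64.b64encode(raw).decode()

def decode_artifact(artifact_b64: str) -> Artifact:
    """SAMLart layout: 2-byte type code, 2-byte endpoint index, 20-byte SourceID, 20-byte handle."""
    raw = base64.b64decode(artifact_b64)
    if len(raw) != 44 or int.from_bytes(raw[:2], "big") != ARTIFACT_TYPE_CODE:
        raise ValueError("not a 44-byte type-4 SAML artifact")
    return Artifact(int.from_bytes(raw[2:4], "big"), raw[4:24], raw[24:44])

def artifact_issued_by(artifact: Artifact, idp_entity_id: str) -> bool:
    """SourceID must equal the SHA-1 of the entityID in the imported IdP metadata."""
    return artifact.source_id == hashlib.sha1(idp_entity_id.encode()).digest()

def build_artifact_resolve(artifact_b64: str, request_id: str, issue_instant: str) -> str:
    """SOAP-wrapped <samlp:ArtifactResolve> for the IdP's ArtifactResolutionService (unsigned here)."""
    for prefix, uri in NS.items():
        ET.register_namespace(prefix, uri)
    env = ET.Element(f"{{{NS['soap']}}}Envelope")
    body = ET.SubElement(env, f"{{{NS['soap']}}}Body")
    req = ET.SubElement(body, f"{{{NS['samlp']}}}ArtifactResolve",
                        ID=request_id, Version="2.0", IssueInstant=issue_instant)
    ET.SubElement(req, f"{{{NS['saml']}}}Issuer").text = SP_ENTITY_ID
    ET.SubElement(req, f"{{{NS['samlp']}}}Artifact").text = artifact_b64
    return ET.tostring(env, encoding="unicode")

@dataclass
class ResolvedResponse:
    response_id: str
    issuer: str
    name_id: str

def parse_artifact_response(soap_xml: str, request_id: str, expected_issuer: str) -> ResolvedResponse:
    """Unwrap <samlp:Response> from <samlp:ArtifactResponse>; XML-signature checks are not shown."""
    art = ET.fromstring(soap_xml).find("soap:Body/samlp:ArtifactResponse", NS)
    if art is None:
        raise ValueError("SOAP body carries no ArtifactResponse")
    if art.get("InResponseTo") != request_id:
        raise ValueError("ArtifactResponse does not correlate with our ArtifactResolve ID")
    code = art.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != STATUS_SUCCESS:
        raise ValueError("artifact resolution failed")
    resp = art.find("samlp:Response", NS)
    if resp is None:  # Success with no payload: artifact unknown, expired or already used
        raise ValueError("ArtifactResponse carries no samlp:Response")
    issuer = resp.findtext("saml:Issuer", namespaces=NS)
    if issuer != expected_issuer:
        raise ValueError("Response issuer does not match the IdP that issued the artifact")
    name_id = resp.findtext("saml:Assertion/saml:Subject/saml:NameID", namespaces=NS)
    return ResolvedResponse(resp.get("ID"), issuer, name_id)

def sample_artifact_response(in_response_to: str) -> str:
    """Constructed stand-in for the IdP's reply; not captured from any real IdP."""
    return f"""<soap:Envelope xmlns:soap="{NS['soap']}"><soap:Body>
<samlp:ArtifactResponse xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" ID="_ar1"
    Version="2.0" IssueInstant="2024-01-01T00:00:01Z" InResponseTo="{in_response_to}">
  <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{STATUS_SUCCESS}"/></samlp:Status>
  <samlp:Response ID="_resp1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
    <samlp:Status><samlp:StatusCode Value="{STATUS_SUCCESS}"/></samlp:Status>
    <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
      <saml:Issuer>{IDP_ENTITY_ID}</saml:Issuer>
      <saml:Subject><saml:NameID>jane@example.org</saml:NameID></saml:Subject>
    </saml:Assertion>
  </samlp:Response>
</samlp:ArtifactResponse></soap:Body></soap:Envelope>"""

def resolve_flow() -> ResolvedResponse:
    """The whole exchange on constructed messages, no network: artifact in, Response out."""
    samlart = encode_artifact(0, IDP_ENTITY_ID, bytes(range(20)))  # what lands on the SP endpoint
    artifact = decode_artifact(samlart)
    if not artifact_issued_by(artifact, IDP_ENTITY_ID):
        raise ValueError("artifact SourceID does not match the configured IdP")
    request_id = "_req1"
    soap_request = build_artifact_resolve(samlart, request_id, "2024-01-01T00:00:00Z")
    # soap_request would be POSTed to the ArtifactResolutionService URL from the metadata; reply is constructed
    return parse_artifact_response(sample_artifact_response(request_id), request_id, IDP_ENTITY_ID)
```

The point of the artifact binding is that the value arriving on the broker's endpoint carries no assertion at all, only a reference: the SourceID says which IdP minted it and the MessageHandle is meaningless outside that IdP. Whatever broker sits in the SP role has to perform the back-channel ArtifactResolve itself and then apply the same checks as for any SAML Response (InResponseTo correlation, status, issuer, signature, Destination and audience). Attribute mappers only see the Response that comes back from that resolution step, so they cannot help with the artifact itself.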