I am configuring an ADFS SSO login to Keycloak.
Problem Statement:
Implement IDP initiated SSO login from Active Directory Federation Service (ADFS) to Keycloak.
After initiating the login from ADFS, the SAML response is passed, but on the Keycloak side the response is not accepted. The error from Keycloak indicates an issue in the format of the SAML response.
I have deployed my Keycloak using the helm chart (1.16.0) in the Kubernetes cluster.
After setting the ADFS relying party (endpoint given: https*://aut**o. com /realms/AdfsSSO/broker/samladfs/endpoint/clients/idpsso) and claim issuance policy, I tried logging in from the ADFS aspx page and a SAML response was generated.
But from Keycloak I was getting a “We are sorry, Invalid Requester” message.
I was getting the log lines below in the Keycloak logs:
ERROR [org.keycloak.broker.saml.SAMLEndpoint] (executor-thread-46) no principal in assertion; expected: SUBJECT
2023-11-10 WARN [org.keycloak.events] (executor-thread-46) type=IDENTITY_PROVIDER_RESPONSE_ERROR, realmId=34085c5-2b014594336a, clientId=null, userId=null, ipAddress=10..28, error=invalid_saml_response, authSessionParentId=57e11***9864, authSessionTabId=QfRw20wXtO0
Section of the SAML response from ADFS:
<Subject>
  <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
    <SubjectConfirmationData NotOnOrAfter="20***06:56:11.984Z"
      Recipient="https://aut**o.com/realms/AdfsSSO/broker/samladfs/endpoint/clients/idpsso"
    />
  </SubjectConfirmation>
</Subject>
Please help to resolve the issue.
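An added example (not code from this post or from Keycloak) that shows what the "no principal in assertion; expected: SUBJECT" error is checking for: with the default principal type SUBJECT, the Keycloak SAML broker takes the federated username from the assertion's Subject/NameID, and the Subject above carries only a SubjectConfirmation. The script parses a constructed response with that shape and a constructed one where ADFS also issues a Name ID; the hostnames and the user value are placeholders.

```python
"""Check whether a SAML 2.0 Response carries a Subject/NameID (added example)."""
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}

# Constructed sample mirroring the Subject from the post: no NameID at all.
ADFS_NO_NAMEID = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2023-11-10T06:56:11.984Z"
          Recipient="https://keycloak.example.invalid/realms/AdfsSSO/broker/samladfs/endpoint/clients/idpsso"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Constructed sample of the same response once ADFS emits a Name ID claim.
ADFS_WITH_NAMEID = ADFS_NO_NAMEID.replace(
    "<saml:Subject>",
    '<saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">'
    "jdoe@example.invalid</saml:NameID>")


def find_principal(response_xml: str):
    """Return the NameID text of the first assertion's Subject, or None if absent/empty."""
    root = ET.fromstring(response_xml)
    subject = root.find("./saml:Assertion/saml:Subject", NS)
    if subject is None:
        return None
    name_id = subject.find("saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        return None
    return name_id.text.strip()


def check_response(response_xml: str) -> str:
    """Mimic the broker's decision: accept only when a Subject principal exists."""
    principal = find_principal(response_xml)
    if principal is None:
        return "REJECT: no principal in assertion; expected: SUBJECT"
    return f"OK: principal {principal}"


if __name__ == "__main__":
    print(check_response(ADFS_NO_NAMEID))    # REJECT ...
    print(check_response(ADFS_WITH_NAMEID))  # OK: principal jdoe@example.invalid
```

Running the script against a captured (decoded) response is a quick way to confirm whether the ADFS claim rules produce a Name ID before retrying the broker login.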