Hey,
I’ve got a similar scenario to KCnewb’s in Configure ADFS as SP (Client) in Keycloak:
Windows AD FS Server with Relying Party Trust Applications (SAML & OIDC)
Windows AD FS Server with Claims Provider Trust to keycloak
Keycloak 25.06. with SAML Client (Imported from AD FS FederationMetadata.xml)
I get an error after clicking the correct IdP on the AD FS Home Realm Discovery page. The UI in my browser shows “invalid requester”. The Keycloak service log shows “request validation failed: org.keycloak.common.VerificationException: SigAlg was null”.
I tried to import the signing certificate of the AD FS service into an SPI truststore of Keycloak, but that didn’t work.
I also tried to set “SAML signature key name” to “CERT_SUBJECT”.
The only way it worked for me was to disable “Client signature required” and “Encrypt assertions” in the “Keys” tab of the Keycloak SAML client.
I would like to know how to get this working with “Client signature required” as a minimum. Does someone have experience with this scenario?
EDIT:
I found the solution. It is necessary to set “SAML signature key name” to “CERT_SUBJECT” and to set an extra AD FS parameter via the PowerShell cmdlet Set-AdfsClaimsProviderTrust -SignedSamlRequestsRequired $true
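The AD FS half of the fix above, written out as an added example (not code from the original post or from the Keycloak or AD FS projects), run as an elevated PowerShell session on the AD FS server. It reads the claims provider trust before and after the change so you can see the flag flip, and exports the primary token-signing certificate, which is the key Keycloak verifies the now-signed requests against. The trust display name "Keycloak" and the export path are assumptions; substitute the name shown under "Claims Provider Trusts" in the AD FS console.

```powershell
# Added example, not from the original post: require AD FS to sign the SAML
# AuthnRequests it sends to the Keycloak claims provider trust, then verify.
# ASSUMPTION: the claims provider trust has the display name "Keycloak".
$trustName = 'Keycloak'

Import-Module ADFS

$cpt = Get-AdfsClaimsProviderTrust -Name $trustName
if (-not $cpt) {
    throw "No claims provider trust named '$trustName'. List trusts with: Get-AdfsClaimsProviderTrust | Select-Object Name, Identifier"
}

# Default state: $false. AD FS then sends unsigned AuthnRequests, which is why
# Keycloak's "Client signature required" rejects them with "SigAlg was null".
"Before: SignedSamlRequestsRequired = $($cpt.SignedSamlRequestsRequired)"

# The setting from the post: AD FS signs its SAML requests to this claims provider.
Set-AdfsClaimsProviderTrust -TargetName $trustName -SignedSamlRequestsRequired $true

# Re-read the trust and fail loudly if the change did not stick.
$cpt = Get-AdfsClaimsProviderTrust -Name $trustName
if (-not $cpt.SignedSamlRequestsRequired) {
    throw "SignedSamlRequestsRequired is still false for '$trustName'"
}
"After:  SignedSamlRequestsRequired = $($cpt.SignedSamlRequestsRequired)"

# Keycloak validates the request signature against the AD FS token-signing
# certificate. It is normally imported with FederationMetadata.xml; export the
# primary one here so it can be re-imported into the SAML client's "Keys" tab
# after a certificate rollover.
$signingCert = Get-AdfsCertificate -CertificateType Token-Signing |
    Where-Object { $_.IsPrimary } |
    Select-Object -ExpandProperty Certificate
$signingCert | Select-Object Subject, Thumbprint, NotAfter

# ASSUMPTION: export location; the DER .cer is what Keycloak's import expects.
$exportPath = Join-Path $env:TEMP 'adfs-token-signing.cer'
$derBytes = $signingCert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[System.IO.File]::WriteAllBytes($exportPath, $derBytes)
"Exported primary token-signing certificate to $exportPath"
```

The Keycloak side stays as described in the post: on the SAML client, keep “Client signature required” on and set “SAML signature key name” to “CERT_SUBJECT” (the admin console stores this in the client attribute saml.server.signature.keyinfo.xmlSigKeyInfoKeyNameTransformer), so that the KeyInfo AD FS puts in the signed request is matched to the imported certificate by subject rather than by a key ID AD FS does not send.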