SAML2.0 configuration

Hello all,

I am super new to Keycloak, and it looks like it will support my use case… However, I am struggling a bit.

I have no idea what URL I need to redirect my user to when they click the login button in my application.

I have set up a realm, as well as a client, in the Keycloak admin console.

Thank you in advance for any assistance.

Check the realm configuration; at the bottom are two links that produce all the relevant info for SAML as well as for OIDC.


Thanks, I tried using that before, but it yielded an error.
So now, I am using a sign-in endpoint that looks like this:
http://{keycloak_url}:8180/auth/realms/{realm_name}/protocol/saml.

The application that I am using required me to provide an X509 certificate. I am not sure what to provide here.
On the client in the realm, I see a Keys tab (signing keys and encryption keys). Should I be using one of these? I tried setting up both, but I still end up with an Invalid Request.

Let's see if we are talking about the same thing. With SAML, an Assertion is created by the IDP (Keycloak). The Assertion contains info about your identity. The Service Provider needs a method to verify the authenticity of the XML; therefore the XML is signed with the private key of the IDP. To verify the document and the signature, you need to provide the public key to the Service Provider. The public key is sometimes called the cert; it is included in the SAML endpoint.

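The two things this thread is hunting for, the SingleSignOnService URL to send the user to and the IDP *signing* certificate (not the encryption one) that the Service Provider must be given, both live in the realm's SAML descriptor, which in Keycloak deployments with the `/auth` prefix seen above is served at `/auth/realms/{realm_name}/protocol/saml/descriptor`. The following is an added example, not code from the thread or from Keycloak, that parses such a descriptor with the Python standard library and wraps the certificate into the PEM form most SP libraries want. The metadata document, host name and realm name are constructed for the example, and the certificate values are base64 placeholders rather than real X.509 certificates.

```python
"""
Parse a Keycloak-style SAML 2.0 IdP metadata descriptor and extract:
  * the SingleSignOnService locations (HTTP-POST and HTTP-Redirect bindings)
  * the IdP signing certificate(s), converted to PEM
It also offers a check that the certificate configured on the Service Provider
is really one of the IdP's *signing* certificates and not, say, the encryption one.

The metadata below is constructed for this example; the certificate values are
base64 placeholders, NOT real X.509 certificates.
"""
import base64
import textwrap
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Placeholder certificate bodies (base64 of arbitrary bytes), not real certs.
SIGNING_CERT_B64 = base64.b64encode(b"placeholder-signing-cert-bytes").decode()
ENCRYPTION_CERT_B64 = base64.b64encode(b"placeholder-encryption-cert-bytes").decode()

# Constructed descriptor in the shape Keycloak publishes (host/realm are made up).
SAMPLE_METADATA = f"""<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Name="urn:keycloak">
  <md:EntityDescriptor entityID="http://keycloak.example:8180/auth/realms/demo">
    <md:IDPSSODescriptor WantAuthnRequestsSigned="true"
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing">
        <ds:KeyInfo><ds:KeyName>demo-signing</ds:KeyName>
          <ds:X509Data><ds:X509Certificate>{SIGNING_CERT_B64}</ds:X509Certificate></ds:X509Data>
        </ds:KeyInfo>
      </md:KeyDescriptor>
      <md:KeyDescriptor use="encryption">
        <ds:KeyInfo><ds:KeyName>demo-encryption</ds:KeyName>
          <ds:X509Data><ds:X509Certificate>{ENCRYPTION_CERT_B64}</ds:X509Certificate></ds:X509Data>
        </ds:KeyInfo>
      </md:KeyDescriptor>
      <md:SingleSignOnService Binding="{POST_BINDING}"
          Location="http://keycloak.example:8180/auth/realms/demo/protocol/saml"/>
      <md:SingleSignOnService Binding="{REDIRECT_BINDING}"
          Location="http://keycloak.example:8180/auth/realms/demo/protocol/saml"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def to_pem(cert_b64: str) -> str:
    """Wrap the bare base64 from the descriptor into PEM (64-char lines)."""
    body = "".join(cert_b64.split())  # drop any whitespace/newlines
    return ("-----BEGIN CERTIFICATE-----\n"
            + textwrap.fill(body, 64)
            + "\n-----END CERTIFICATE-----\n")


def parse_idp_metadata(xml_text: str) -> dict:
    """Return entity ID, SSO URLs per binding and the IdP signing certs as PEM."""
    root = ET.fromstring(xml_text)
    entity = root.find(".//md:EntityDescriptor", NS)
    idp = root.find(".//md:IDPSSODescriptor", NS)
    if entity is None or idp is None:
        raise ValueError("metadata does not describe a SAML IdP")

    sso = {svc.get("Binding"): svc.get("Location")
           for svc in idp.findall("md:SingleSignOnService", NS)}

    signing = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # Per the metadata spec, a KeyDescriptor with no 'use' serves both purposes.
        if kd.get("use", "both") not in ("signing", "both"):
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            signing.append("".join((cert.text or "").split()))
    if not signing:
        raise ValueError("no signing certificate in metadata")

    return {
        "entity_id": entity.get("entityID"),
        "sso_post_url": sso.get(POST_BINDING),
        "sso_redirect_url": sso.get(REDIRECT_BINDING),
        "signing_certs_pem": [to_pem(c) for c in signing],
    }


def sp_cert_matches_idp(sp_configured_pem: str, metadata: dict) -> bool:
    """True if the PEM pasted into the SP is one of the IdP's signing certs."""
    def norm(pem: str) -> str:
        lines = [ln for ln in pem.strip().splitlines() if not ln.startswith("-----")]
        return "".join(lines).replace(" ", "")
    return norm(sp_configured_pem) in {norm(p) for p in metadata["signing_certs_pem"]}


if __name__ == "__main__":
    info = parse_idp_metadata(SAMPLE_METADATA)
    print("Redirect users to:", info["sso_redirect_url"])
    print("Give the SP this cert:\n" + info["signing_certs_pem"][0])
```

In practice you would fetch the descriptor from the realm's metadata link instead of the constructed document, and keep the check in `sp_cert_matches_idp` around: pasting the encryption certificate, or a cert from a different realm, into the SP is exactly the kind of mistake that surfaces as a bare "Invalid Request".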

Thank you very much. I did not pay very close attention to the SAML descriptor file. Using the X509 certificate that it contains went a long way toward setting me on the right path. After that it was just a matter of ensuring that I was matching the email address with what was stored in my application.

Thanks for all the help on this. I am busy evaluating this software and will gladly recommend it to the client. A pro here is that the community is super helpful.