I am trying to configure SAML on WildFly and it's failing. The browser login is redirected as expected to the Keycloak forms, and the SAML login seems to be successful on the Keycloak server; however, it is failing to log in on the WildFly server. The server shows an error:
[org.keycloak.adapters.saml.SamlSessionStore] (default task-1) Session WeSldFHP25upx-JlqjO4AwxpIdWEKk1vjVACOEbT has expired on some other node
The session id above matches the JSESSIONID.
Using Keycloak 12.0.1 as the IDP.
Using WildFly 21.0.1.Final.
Both are running in separate Docker containers.
There is no other node running, only the standalone WildFly instance.
I am following the example in https://www.keycloak.org/docs/latest/getting_started/ and using the vanilla application https://github.com/keycloak/keycloak-quickstarts/tree/latest/app-profile-jee-vanilla.
Here is my configuration in the WildFly standalone.xml:
<subsystem xmlns="urn:jboss:domain:keycloak-saml:1.3">
    <!-- Adapter config for the deployed WAR; the name must match the deployment name -->
    <secure-deployment name="vanilla.war">
        <!-- Service provider (this application) as registered in the Keycloak realm -->
        <SP entityID="vanilla"
            sslPolicy="NONE"
            logoutPage="SPECIFY YOUR LOGOUT PAGE!">
            <!-- Identity provider (Keycloak); URLs are those the browser uses to reach Keycloak -->
            <IDP entityID="idp">
                <!-- All signing and signature validation is currently disabled -->
                <SingleSignOnService signRequest="false"
                                     validateResponseSignature="false"
                                     validateAssertionSignature="false"
                                     requestBinding="POST"
                                     bindingUrl="http://localhost:8280/auth/realms/myRealm/protocol/saml"/>
                <SingleLogoutService signRequest="false"
                                     signResponse="false"
                                     validateRequestSignature="false"
                                     validateResponseSignature="false"
                                     requestBinding="POST"
                                     responseBinding="POST"
                                     postBindingUrl="http://localhost:8280/auth/realms/myRealm/protocol/saml"
                                     redirectBindingUrl="http://localhost:8280/auth/realms/myRealm/protocol/saml"/>
            </IDP>
        </SP>
    </secure-deployment>
</subsystem>
Any configuration that I am missing?
Any help is appreciated.
Thanks
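The subsystem block in the question disables every signature check and sets `sslPolicy="NONE"`, which is fine for a first local test but means the adapter accepts any SAML response posted to it regardless of who produced it. For reference, here is an added example (not the poster's configuration and not from the keycloak-quickstarts project) of the same `vanilla.war` deployment with signing and signature validation switched on. It keeps the realm name, entity IDs and Keycloak URLs from the question; the keystore path, keystore and key passwords, the `vanilla` alias, the `CertificatePem` contents and `/logout.jsp` are placeholders that you would replace with your own values.

```xml
<subsystem xmlns="urn:jboss:domain:keycloak-saml:1.3">
    <secure-deployment name="vanilla.war">
        <!-- entityID must match the SAML client ID configured in the Keycloak realm -->
        <SP entityID="vanilla"
            sslPolicy="EXTERNAL"
            logoutPage="/logout.jsp">
            <!-- SP signing key: used to sign AuthnRequests and logout messages.
                 Keystore path, passwords and alias are placeholders (assumed values). -->
            <Keys>
                <Key signing="true">
                    <KeyStore resource="/WEB-INF/keystore.jks" password="CHANGE_ME_STORE_PASSWORD">
                        <PrivateKey alias="vanilla" password="CHANGE_ME_KEY_PASSWORD"/>
                        <Certificate alias="vanilla"/>
                    </KeyStore>
                </Key>
            </Keys>
            <IDP entityID="idp"
                 signatureAlgorithm="RSA_SHA256">
                <!-- Every message from the IdP is now checked against the realm signing certificate -->
                <SingleSignOnService signRequest="true"
                                     validateResponseSignature="true"
                                     validateAssertionSignature="true"
                                     requestBinding="POST"
                                     bindingUrl="http://localhost:8280/auth/realms/myRealm/protocol/saml"/>
                <SingleLogoutService signRequest="true"
                                     signResponse="true"
                                     validateRequestSignature="true"
                                     validateResponseSignature="true"
                                     requestBinding="POST"
                                     responseBinding="POST"
                                     postBindingUrl="http://localhost:8280/auth/realms/myRealm/protocol/saml"
                                     redirectBindingUrl="http://localhost:8280/auth/realms/myRealm/protocol/saml"/>
                <!-- Realm signing certificate, base64 DER body without the BEGIN/END lines.
                     Placeholder: take it from Realm Settings > Keys in the Keycloak admin console. -->
                <Keys>
                    <Key signing="true">
                        <CertificatePem>PASTE_REALM_SIGNING_CERTIFICATE_HERE</CertificatePem>
                    </Key>
                </Keys>
            </IDP>
        </SP>
    </secure-deployment>
</subsystem>
```

Two points worth checking when you move to this form: the certificate you paste must be the one the realm currently uses to sign SAML responses (the realm's SAML IdP descriptor at `http://localhost:8280/auth/realms/myRealm/protocol/saml/descriptor` also carries it), and the SP certificate from `keystore.jks` has to be uploaded to the `vanilla` client in Keycloak, otherwise the signed AuthnRequest will be rejected on the IdP side. `sslPolicy="EXTERNAL"` still allows plain HTTP from localhost and private addresses, so this does not break a local Docker setup.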