
SAML 2 extensions in AuthnRequest (Keycloak)

I'm doing SAML authentication with the Keycloak adapter and I need to use SAML2 extensions in the AuthnRequest message. Is this possible?

My IdP provides localized login pages. A language code can be supplied with a SAML2 extension in the AuthnRequest.

Everything works fine if I use the default language (no extensions).

My IdP also allows defining the set of valid languages in the service provider metadata. I only need to support three languages, so one workaround would be to register a different service provider for every language. I could define the language in the SP metadata and have three separate URLs in my service for the authentication.

I use Wildfly 10.

Any thoughts?

Turns out you can extend org.keycloak.broker.saml.SAMLIdentityProvider and override performLogin() and add extensions with SAML2AuthnRequestBuilder.addExtension(). Follow the examples at: https://github.com/keycloak/keycloak/tree/master/examples/providers for deployment considerations and exact implementation.
