KeyCloak作为Salesforce SP的IDP-SP启动的SSO无法正常工作

时间:2020-05-04 19:46:53

标签: keycloak saml

我是KeyCloak的新手,并正在尝试将其配置为SalesForce客户端的SAML IDP。 IDP启动的SSO流程运行正常。身份验证后,我将被正确定向到Salesforce主页。但是,SP启动的SSO给了我JSON输出,而不是Keycloak登录页面。

这是SalesForce重定向到的URL(掩码IP): http://10.99.xxx.xxx:8080/auth/realms/test?SAMLRequest= ... SAML跟踪程序指示有效的SAML身份验证请求。

<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                    AssertionConsumerServiceURL="https://f-corpcont--dev.my.salesforce.com?so=00D3K000000lOS"
                    Destination="http://10.99.xxx.xxx:8080/auth/realms/test"
                    ID="_2CAAAAXJxZQlkME8wswMDAwMDAwMDA2AAAA3kJle3T1o4lEOE9QztKYIVXwLjlHOcfEaw-7mLWvYqmEiPv5SS32lT0WcQIbjXTP-qO779xPjACwqlhiGs9ZM8ZmltHZd6stzimY1Br3b1_5PqBgWxExV7R1FAAxZ914_3s8rViWWGxmKKGFN94OG2WBh3SMPF3WwGagDIZLRKtSpcGIDCGkuYERb_DR0LgOflx-C0kF7XqKdtU8OTTbk0HpoCKQ8oRh58Mai1eFlqgKf50rdGsFQmCQa-Sg0-JyZg"
                    IssueInstant="2020-05-04T19:39:22.807Z"
                    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                    Version="2.0">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://f-corpcont--dev.my.salesforce.com</saml:Issuer>
</samlp:AuthnRequest>

我在浏览器中看到的JSON输出是:

{
    "realm": "test",
    "public_key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHobhU5mQ2itvVfkDWm64sLgT9dfoCNm137ul+A7YRNSXk5g0JEGxoZLVdicRQUx0mr4z6BEM+LN/mztSsigG0aQIqUY8y1un33kBk5gE6W3jaFDX6Rsap/lcXIoO7Jl/pzjAxf3R8RyMMhFQ4Hi1rHl2wSXMWfeNLaoLrzy+LEG1KNZpfhbfG1HUa5fEYpI0sSWEEgcP3faEy2JWOJrfJrcS1tezDD+7x4u+fTUJt0M8vsIjMDAX9UUu+JXnG901a15drj9UjYJyiMJTFQt3Rdrxv96XZa93fKyB36an5GDZWPiwEehtjAJ4mQ0oo0v/TmevoJwZd7YTvClQIDAQAB",
    "token-service": "http://10.99.xxx.xxx:8080/auth/realms/test/protocol/openid-connect",
    "account-service": "http://10.99.xxx.xxx:8080/auth/realms/test/account",
    "tokens-not-before": 0
}

任何指针将不胜感激

1 个答案:

答案 0 :(得分:1)

您为SAML请求使用了错误的URL。错误:

http://10.99.xxx.xxx:8080/auth/realms/test?SAMLRequest=

正确:

http://10.99.xxx.xxx:8080/auth/realms/test/protocol/saml?SAMLRequest=
相关问题
最新问题