
While trying to achieve pure Keycloak IdP-initiated SSO for this flow:

"Login to the Keycloak realm ==> go to Applications ==> click on the application name, and the application launches because you are already logged in to the Keycloak IdP"

I faced several issues, so I gave that up and am now trying to achieve Keycloak brokered SSO:

(Browse to the specific Keycloak broker URL ==> get redirected to the login page of the Keycloak IdP ==> this does a POST of the SAML assertion to my application URL ==> the application launches because the user is already logged in / authenticated with the IdP).

I am using one instance of Keycloak as the Identity Provider (keycloak3) and another instance as the Service Provider (keycloak4). I am following the steps from this existing thread: "idp initiated sso using keycloak".

########## Start Steps followed ##########

a. Create a SAML client at keycloak3 (http://localhost:8083) under realm3, with "IdP Initiated SSO URL Name" set to some name without spaces, say sso.

b. In the Fine Grain SAML Endpoint Configuration section of the above client, set the Assertion Consumer Service (ACS) POST Binding URL to http://localhost:8084/realms/realm4/broker/saml/endpoint/clients/keycloak4samlclient (https://www.keycloak.org/docs/latest/server_admin/index.html#idp-initiated-login).

c. Click on the above created SAML client --> Installation --> Export SAML Metadata IDPSSODescriptor and save it as saml-metadata.xml (say).

d. Add a user in keycloak3, say user3/user@456.

e. At keycloak4 (http://localhost:8084), create an IdP (Identity Providers tab) with the name saml (refer to the ACS URL above). Import the above exported saml-metadata.xml and save.

f. At keycloak4, create a SAML client and in its "IdP Initiated SSO URL Name" give keycloak4samlclient.

g. In the browser hit http://localhost:8083/realms/realm3/protocol/saml/clients/sso

At the prompt for username/password, give the credentials for user3.

########## End Steps followed ##########

My application is the 'java-saml' sample application deployed on a local Tomcat at 8080: https://github.com/SAML-Toolkits/java-saml/tree/master/samples/java-saml-tookit-jspsample

After I complete all the steps and browse to this URL, http://localhost:8083/realms/realm3/protocol/saml/clients/sso

I am getting a "client not found" error. I spent the entire day troubleshooting this one and could not find any leads. Can someone please let me know if you have faced this, and whether you have any solution I can try? This is the screenshot of the error:

Error Message: Client not found

Mars Alien

0 Answers
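The brokered flow in steps a-g only works when three names line up: the last path segment of the IdP-initiated URL must equal a client's "IdP Initiated SSO URL Name" at keycloak3, that client's ACS POST URL must point at the broker endpoint of keycloak4, and the last segment of that broker endpoint must equal the "IdP Initiated SSO URL Name" of a client at keycloak4 under an existing identity-provider alias. The following is an added example (not part of the question, and not Keycloak's own code) that checks exactly those contracts offline from a hand-written model of the two realms. It uses the Keycloak client attribute keys `saml_idp_initiated_sso_url_name` and `saml_assertion_consumer_url_post` and the URL layouts from the linked Keycloak docs; the hostnames, realm names and client names are the ones from the question, re-entered as constructed sample input, and the IdP-side client id `java-saml-app` is a placeholder. It does not check certificates, signing settings or whether a client is enabled, so an empty finding list only means the names are consistent.

```python
"""Consistency check for a Keycloak brokered, IdP-initiated SAML setup.
Added example: models only the attributes the question touches (constructed
sample data; keycloak3/keycloak4 hostnames and names taken from the question).
"""
from dataclasses import dataclass, field
from urllib.parse import urlsplit


@dataclass
class SamlClient:
    client_id: str
    attributes: dict = field(default_factory=dict)

    @property
    def sso_url_name(self) -> str:
        return self.attributes.get("saml_idp_initiated_sso_url_name", "")

    @property
    def acs_post_url(self) -> str:
        return self.attributes.get("saml_assertion_consumer_url_post", "")


@dataclass
class Realm:
    base_url: str            # scheme://host[:port], no trailing slash
    name: str
    clients: list
    idp_aliases: set = field(default_factory=set)   # aliases under Identity Providers

    def client_by_sso_name(self, url_name: str):
        """The client whose 'IdP Initiated SSO URL Name' equals url_name, or None."""
        for c in self.clients:
            if c.sso_url_name and c.sso_url_name == url_name:
                return c
        return None


def idp_initiated_url(realm: Realm, url_name: str) -> str:
    """URL a user opens to start IdP-initiated login at `realm`."""
    return f"{realm.base_url}/realms/{realm.name}/protocol/saml/clients/{url_name}"


def broker_endpoint(sp: Realm, idp_alias: str, client_url_name: str) -> str:
    """ACS URL the IdP must POST to so the SP-side Keycloak brokers into client_url_name."""
    return f"{sp.base_url}/realms/{sp.name}/broker/{idp_alias}/endpoint/clients/{client_url_name}"


def parse_broker_endpoint(url: str):
    """Split an ACS URL into (base_url, realm, idp_alias, client_url_name), or None."""
    parts = urlsplit(url)
    seg = parts.path.strip("/").split("/")
    # expected path: realms/<realm>/broker/<alias>/endpoint/clients/<name>
    if (len(seg) != 7 or seg[0] != "realms" or seg[2] != "broker"
            or seg[4] != "endpoint" or seg[5] != "clients" or not seg[6]):
        return None
    return f"{parts.scheme}://{parts.netloc}", seg[1], seg[3], seg[6]


def check_brokered_sso(idp: Realm, sso_name: str, sp: Realm) -> list:
    """Findings for the chain IdP client -> SP broker endpoint -> SP client (empty = consistent)."""
    findings = []
    client = idp.client_by_sso_name(sso_name)
    if client is None:
        findings.append(f"{idp_initiated_url(idp, sso_name)}: no client in realm "
                        f"'{idp.name}' has IdP Initiated SSO URL Name '{sso_name}'")
        return findings
    parsed = parse_broker_endpoint(client.acs_post_url)
    if parsed is None:
        findings.append(f"client '{client.client_id}': ACS POST URL "
                        f"'{client.acs_post_url}' is not a Keycloak broker endpoint")
        return findings
    base, realm, alias, name = parsed
    if base != sp.base_url:
        # Security check: an ACS on another host hands the signed assertion to a third party.
        findings.append(f"ACS host {base} is not the SP Keycloak at {sp.base_url}")
    if realm != sp.name:
        findings.append(f"ACS targets realm '{realm}', but the SP realm is '{sp.name}'")
    if alias not in sp.idp_aliases:
        findings.append(f"ACS uses broker alias '{alias}', which is not configured at the SP")
    if sp.client_by_sso_name(name) is None:
        findings.append(f"no SP client has IdP Initiated SSO URL Name '{name}'")
    return findings


def question_setup():
    """The two realms as described in steps a-f (constructed from the question)."""
    sp = Realm("http://localhost:8084", "realm4", idp_aliases={"saml"}, clients=[
        SamlClient("keycloak4samlclient",
                   {"saml_idp_initiated_sso_url_name": "keycloak4samlclient"})])
    idp = Realm("http://localhost:8083", "realm3", clients=[
        SamlClient("java-saml-app", {   # placeholder client id, not named in the question
            "saml_idp_initiated_sso_url_name": "sso",
            "saml_assertion_consumer_url_post": broker_endpoint(sp, "saml", "keycloak4samlclient")})])
    return idp, sp


if __name__ == "__main__":
    idp, sp = question_setup()
    for url_name in ("sso", "sso-login"):
        print(idp_initiated_url(idp, url_name), check_brokered_sso(idp, url_name, sp))
```

Run it as-is and the setup from the question reports no findings for `sso`, while `sso-login` (a name no client carries) is reported as unresolvable at the IdP URL, which is the shape of mismatch to rule out first when an IdP-initiated URL cannot be mapped to a client. To compare against a live server, fill the `attributes` dicts from the client representations that the admin REST API or `kcadm.sh get clients -r <realm>` returns instead of typing them by hand.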