Test integration with Picketlink (picketlink.org/) as the SP.
I started at http://picketlink.org/gettingstarted/ and went the wildfly route and downloaded 8.0.0-Final from http://wildfly.org/downloads/ (newer versions don't work with the examples).
I used the picketlink installer from http://downloads.jboss.org/picketlink/2/latest/picketlink-installer-2.7.0.Final.zip. Install this just by running ant in the unzipped directory.
Finally I installed the basic idp and sp from https://github.com/jboss-developer/jboss-picketlink-quickstarts.
I needed to install a slew of dependencies not mentioned to get it all working including: unzip, ant, maven, git and probably a few others.
The examples I used used SSO POST and it seemed to work ok though some of the redirects were a bit wonky. I did seem to be doing SAML auth though the data was in the Location!?
I have no idea how to get any metadata to associate with something else. I've got a question pending in the wildfly hipchat console which is where I got some help getting the right versions working together.
owner: => rcritten
status: new => accepted
They redirected me to use keycloak instead and pointed me to http://keycloak.github.io/docs/userguide/html/identity-broker.html#d4e1801 and https://github.com/keycloak/keycloak/tree/master/examples
summary: Integration with Picketlink => Integration with Picketlink/Keycloak
Rather than trying to piece keycloak and the examples together, which didn't work for me, there is a keycloak-demo-1.5.0 on the keycloak download site. That seems to work.
I followed the top-level instructions for the preconfigured-demo then went up a directory and deployed the saml examples.
The test user is bburke. I didn't bother to look up the default password and just reset it myself in the admin console.
After that, SAML, at least in the demo, seems to work according to the FF plugin SAMLTracer.
Login seems to work but I get a 403 Forbidden from Wildfly. There may be some additional access control I need to do but it shows that the SAML part is working properly in any case.
It is difficult to test further because of other issues I've found. I filed these tickets against keycloak:
SAML namespace not included in metadata: https://issues.jboss.org/browse/KEYCLOAK-1954
Many SAML buttons don't work: https://issues.jboss.org/browse/KEYCLOAK-1955
Examples are difficult to use outside of pre-configured demo server: https://issues.jboss.org/browse/KEYCLOAK-1956
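As an added example (not from this ticket, and not Keycloak or Picketlink code), the following Python check catches the metadata defect reported in KEYCLOAK-1954 before an SP's metadata is handed to an IdP: it parses the document and verifies that EntityDescriptor and its children are actually in the SAML 2.0 metadata namespace, that an entityID is present, and that every AssertionConsumerService is served over https. The two metadata documents are constructed samples; `sp.example.test` is a placeholder, not a real endpoint.

```python
import xml.etree.ElementTree as ET

# SAML 2.0 metadata namespace; an EntityDescriptor outside it is not SAML metadata.
SAML_MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample: SP metadata with the namespace declared correctly.
GOOD_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/acs" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample: the same document with the namespace declaration missing,
# the kind of output the comment above reports against Keycloak.
BAD_METADATA = """<?xml version="1.0"?>
<EntityDescriptor entityID="https://sp.example.test/saml">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/acs" index="0"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def qname(local):
    """Clark-notation name for an element in the SAML metadata namespace."""
    return "{%s}%s" % (SAML_MD_NS, local)


def check_metadata(xml_text):
    """Return a list of problems found in SP metadata; an empty list means it passed."""
    problems = []
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return ["not well-formed XML: %s" % exc]

    # ElementTree exposes the resolved namespace in the tag, so a missing or wrong
    # xmlns declaration shows up here as a bare or foreign tag name.
    if root.tag != qname("EntityDescriptor"):
        problems.append("root element is %r, expected EntityDescriptor in %s"
                        % (root.tag, SAML_MD_NS))
        return problems

    if not root.get("entityID"):
        problems.append("EntityDescriptor has no entityID")

    sp = root.find(qname("SPSSODescriptor"))
    if sp is None:
        problems.append("no SPSSODescriptor in EntityDescriptor")
        return problems

    acs = sp.findall(qname("AssertionConsumerService"))
    if not acs:
        problems.append("SPSSODescriptor has no AssertionConsumerService")
    for svc in acs:
        # Assertions are delivered to this URL, so it must not be plain http.
        location = svc.get("Location", "")
        if not location.startswith("https://"):
            problems.append("AssertionConsumerService Location is not https: %r" % location)
    return problems


if __name__ == "__main__":
    for label, doc in (("good", GOOD_METADATA), ("bad", BAD_METADATA)):
        print(label, check_metadata(doc) or "OK")
```

Running the block prints `OK` for the first document and a single complaint about the un-namespaced root element for the second; the check is deliberately strict about the namespace because SP metadata with bare element names is silently rejected or misread by many IdP importers, which matches the symptom described in the ticket.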
Added a small bit of text about Keycloak integration.
resolution: => fixed
status: accepted => closed
Metadata Update from @rcritten:
- Issue assigned to rcritten
- Issue set to the milestone: 1.2