#181 Integration with Picketlink/Keycloak
Closed: Fixed None Opened 3 years ago by rcritten.

Test integration with Picketlink (picketlink.org/) as the SP.

I started at http://picketlink.org/gettingstarted/ and went the wildfly route and downloaded 8.0.0-Final from http://wildfly.org/downloads/ (newer versions don't work with the examples).

I used the picketlink installer from http://downloads.jboss.org/picketlink/2/latest/picketlink-installer-2.7.0.Final.zip. Install this just by running ant in the unzipped directory.

Finally I installed the basic idp and sp from https://github.com/jboss-developer/jboss-picketlink-quickstarts

I needed to install a slew of dependencies not mentioned to get it all working including: unzip, ant, maven, git and probably a few others.

They redirected me to use keycloak instead and pointed me to http://keycloak.github.io/docs/userguide/html/identity-broker.html#d4e1801 and https://github.com/keycloak/keycloak/tree/master/examples

summary: Integration with Picketlink => Integration with Picketlink/Keycloak

Rather than trying to piece keycloak and the examples together, which didn't work for me, there is a keycloak-demo-1.5.0 on the keycloak download site. That seems to work.

I followed the top-level instructions for the preconfigured-demo then went up a directory and deployed the saml examples.

The test user is bburke. I didn't bother to look up the default password and just reset it myself in the admin console.

After that SAML, at least in the demo, seems to work according to the FF plugin SAMLTracer.

Login seems to work but I get a 403 Forbidden from Wildfly. There may be some additional access control I need to do but it shows that the SAML part is working properly in any case.

It is difficult to test further because of other issues I've found. I filed these tickets against keycloak:

SAML namespace not included in metadata: https://issues.jboss.org/browse/KEYCLOAK-1954

Many SAML buttons don't work: https://issues.jboss.org/browse/KEYCLOAK-1955

Examples are difficult to use outside of pre-configured demo server: https://issues.jboss.org/browse/KEYCLOAK-1956

Added a small bit of text about Keycloak integration.

resolution: => fixed
status: accepted => closed

Metadata Update from @rcritten:
- Issue assigned to rcritten
- Issue set to the milestone: 1.2

2 years ago
