我是KeyCloak的新手,正在尝试将其配置为SAML IDP到SalesForce客户端.IDP发起的SSO流程工作正常。我被引导到Salesforce的主页,正确的认证后。然而,SP发起的SSO给我一个JSON输出,而不是Keycloak登录页面。
这是SalesForce重定向到的URL(屏蔽的IP)。http:/10.99.xxx.xxx:8080authrealmstest?SAMLRequest===。...SAML追踪器表示一个有效的SAML认证请求。
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
AssertionConsumerServiceURL="https://f-corpcont--dev.my.salesforce.com?so=00D3K000000lOS"
Destination="http://10.99.xxx.xxx:8080/auth/realms/test"
ID="_2CAAAAXJxZQlkME8wswMDAwMDAwMDA2AAAA3kJle3T1o4lEOE9QztKYIVXwLjlHOcfEaw-7mLWvYqmEiPv5SS32lT0WcQIbjXTP-qO779xPjACwqlhiGs9ZM8ZmltHZd6stzimY1Br3b1_5PqBgWxExV7R1FAAxZ914_3s8rViWWGxmKKGFN94OG2WBh3SMPF3WwGagDIZLRKtSpcGIDCGkuYERb_DR0LgOflx-C0kF7XqKdtU8OTTbk0HpoCKQ8oRh58Mai1eFlqgKf50rdGsFQmCQa-Sg0-JyZg"
IssueInstant="2020-05-04T19:39:22.807Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Version="2.0">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://f-corpcont--dev.my.salesforce.com</saml:Issuer>
</samlp:AuthnRequest>
我在浏览器中看到的JSON输出是。
{
"realm": "test",
"public_key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHobhU5mQ2itvVfkDWm64sLgT9dfoCNm137ul+A7YRNSXk5g0JEGxoZLVdicRQUx0mr4z6BEM+LN/mztSsigG0aQIqUY8y1un33kBk5gE6W3jaFDX6Rsap/lcXIoO7Jl/pzjAxf3R8RyMMhFQ4Hi1rHl2wSXMWfeNLaoLrzy+LEG1KNZpfhbfG1HUa5fEYpI0sSWEEgcP3faEy2JWOJrfJrcS1tezDD+7x4u+fTUJt0M8vsIjMDAX9UUu+JXnG901a15drj9UjYJyiMJTFQt3Rdrxv96XZa93fKyB36an5GDZWPiwEehtjAJ4mQ0oo0v/TmevoJwZd7YTvClQIDAQAB",
"token-service": "http://10.99.xxx.xxx:8080/auth/realms/test/protocol/openid-connect",
"account-service": "http://10.99.xxx.xxx:8080/auth/realms/test/account",
"tokens-not-before": 0
}
如果有任何提示,我将不胜感激
您为SAML请求使用了错误的URL。错误的。
http://10.99.xxx.xxx:8080/auth/realms/test?SAMLRequest=
正确。
http://10.99.xxx.xxx:8080/auth/realms/test/protocol/saml?SAMLRequest=