Is the SAML Bearer Assertion Flow to obtain the access token supported in Keycloak?
I am using Keycloak as the IdP and doing SAML login. After SAML login, I need to make a call to the userinfo endpoint to generate custom claims data. I have tried the following.
1. After successful SAML login, Keycloak redirects to the client on the configured Assertion Consumer Service Redirect Binding URL.
2. The client validates the SAML response and redirects to the auth endpoint with redirect_uri specified.
3. Keycloak redirects back to the client on the specified redirect URL (my client is a Python client and I am getting a 405 method not supported error, even though the endpoint is configured to accept both GET and POST).
I would like to make a userinfo endpoint call after successful SAML login from the client. How can I do this, as the userinfo endpoint requires an access_token to be sent?
How can I get the access token in my case above? Is there a way to avoid the round trip? If silent auth is the option, how can I get step 3 to work?