What is the metadata url for a saml client in Keycloak

Hi,
I am trying to let my application authenticate against Keycloak using SAML.
My application can authenticate against the SSOCircle SAML IDP and also against Active Directory Federation Services. The application is using Spring Security SAML for that.
When I create a SAML client in keycloak, where do I find the metadata for the keycloak saml idp?
(for ssocircle, this is http://idp.ssocircle.com/idp-meta.xml like here Spring Security SAML Extension)
I tried to put https://keycloak.mydomain.com/realms/master/protocol/saml or https://keycloak.mydomain.com/realms/master/protocol/saml/descriptor there, but it did not work.
The saml client was created in the master realm.
The error message I get in my application is:
javax.servlet.ServletException: org.opensaml.saml2.metadata.provider.MetadataProviderException: No IDP was configured, please update included metadata with at least one IDP
As you can tell I am completely new to keycloak :wink:
Thanks,
RedAnt

In the “Realm Settings” page of a realm, there is a link “SAML 2.0 Identity Provider Metadata”.
Following this link, your assumption on .../protocol/saml/descriptor is correct.
So, if calling this URL works and you get an XML response, perhaps your application has some trouble processing the data…


Additional advice, most probably not related to your request, but as you are new to the topic…

Never configure your clients in the master realm. Always create a separate realm for your functional business environments.
The master realm should remain an administrative realm only!

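The check suggested in the answer above (does the descriptor URL return usable IdP metadata?), as an added example that is not part of the original thread: it builds the `/realms/<realm>/protocol/saml/descriptor` URL, fetches it, and verifies that the XML contains the `IDPSSODescriptor` that Spring Security SAML's "No IDP was configured" error says is missing. The hostnames and the embedded sample XML are constructed for the example.

```python
import sys
import urllib.request
import xml.etree.ElementTree as ET
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def descriptor_url(base_url, realm):
    """Realm IdP metadata URL, the link behind 'SAML 2.0 Identity Provider Metadata'."""
    return f"{base_url.rstrip('/')}/realms/{realm}/protocol/saml/descriptor"

def parse_idp_metadata(xml_bytes):
    """Summarise IdP metadata; raise ValueError if an SP could not use it."""
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        raise ValueError(f"response is not well-formed XML: {exc}")
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError(f"root element is {root.tag}, not md:EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:  # exactly what Spring's "No IDP was configured" complains about
        raise ValueError("metadata contains no IDPSSODescriptor")
    certs = idp.findall("md:KeyDescriptor[@use='signing']/ds:KeyInfo/"
                        "ds:X509Data/ds:X509Certificate", NS)
    return {
        "entity_id": root.get("entityID"),
        "sso_endpoints": [(e.get("Binding"), e.get("Location"))
                          for e in idp.findall("md:SingleSignOnService", NS)],
        "signing_certs": len(certs),
        "wants_signed_requests": idp.get("WantAuthnRequestsSigned") == "true",
    }

def fetch_and_check(base_url, realm, timeout=10):
    """Download and validate the descriptor. urllib honours HTTP(S)_PROXY and
    NO_PROXY, so run this with the same proxy environment as the application."""
    req = urllib.request.Request(descriptor_url(base_url, realm),
                                 headers={"Accept": "application/xml"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return parse_idp_metadata(resp.read())

# Constructed minimal sample (not real Keycloak output) for an offline self-check.
SAMPLE = b"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://keycloak.example/realms/demo">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://keycloak.example/realms/demo/protocol/saml"/>
  </md:IDPSSODescriptor></md:EntityDescriptor>"""

if __name__ == "__main__":  # usage: python check_idp_metadata.py https://keycloak.mydomain.com myrealm
    print(fetch_and_check(sys.argv[1], sys.argv[2]))
```

If the fetch returns an HTML page instead of XML, the parser rejects it with the root element name, which is the quickest way to spot a proxy or login page answering in place of Keycloak.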

The problem was a misconfigured network that sent internal requests over the proxy.
Now the proxy is circumvented and it works correctly.