Comments (3)
Thanks for the feedback. Konnect loads the metadata from the configured URI. So all information from there could be used.
Seems like an easy change at https://github.com/Kopano-dev/konnect/blob/master/identity/authorities/saml2.go#L124-L126 assuming the issuer URI is found in the metadata (for example by using EntityID).
For example:
diff --git a/identity/authorities/saml2.go b/identity/authorities/saml2.go
index 632f003..79fbf2e 100644
--- a/identity/authorities/saml2.go
+++ b/identity/authorities/saml2.go
@@ -122,7 +122,7 @@ func (ar *saml2AuthorityRegistration) Authority() *Details {
}
func (ar *saml2AuthorityRegistration) Issuer() string {
- return ar.metadataEndpoint.String()
+ return ar.serviceProvider.IDPMetadata.EntityID
}
func (ar *saml2AuthorityRegistration) Validate() error {
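Review bot: In Issuer(), the new return value ar.serviceProvider.IDPMetadata.EntityID is read without any guard. The metadata is loaded from the configured URI, so if serviceProvider or IDPMetadata can be unset when Issuer() is called, this dereference panics, and an IdP whose metadata carries an empty entityID would yield an empty issuer. Consider checking in Validate() that the loaded metadata has a non-empty EntityID, or falling back to ar.metadataEndpoint.String() when it is missing. The changed issuer value also deserves a release note, since deployments that relied on the metadata URL as issuer will see a different string.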
I am looking at https://github.com/keycloak/keycloak/blob/master/services/src/main/resources/idp-metadata-template.xml - can you please check where to find the Issuer URI if it's not the metadata URI and report back?
We could add a configuration field for this if not possible to retrieve the issuer URI from anywhere.
from konnect.
I just confirmed with my test setup. Looks like Keycloak is using its entity-id, so your fix would be sufficient.
If needed, I could test the fix next Monday.
from konnect.
Thanks for confirming - the above patch will be included in the next release.
from konnect.
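The issuer comparison discussed in this thread, as an added Go example (not Konnect's code and not posted by any participant): it reads `entityID` from IdP metadata and compares it with the `Issuer` of a response, showing why the metadata URL does not match. The metadata, response, URLs and function names are constructed for illustration, and the sketch covers only the issuer comparison, not signature validation.

```go
package main

import (
	"encoding/xml"
	"errors"
	"fmt"
)

// Constructed sample data (not from the thread); example.test hosts are placeholders.
const (
	metadataURL    = "https://idp.example.test/realms/demo/protocol/saml/descriptor"
	sampleMetadata = `<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.test/realms/demo"/>`
	sampleResponse = `<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://idp.example.test/realms/demo</saml:Issuer>
</samlp:Response>`
)

type entityDescriptor struct {
	XMLName  xml.Name `xml:"urn:oasis:names:tc:SAML:2.0:metadata EntityDescriptor"`
	EntityID string   `xml:"entityID,attr"`
}

// expectedIssuer reads entityID from IdP metadata and rejects an empty value.
func expectedIssuer(metadata []byte) (string, error) {
	var ed entityDescriptor
	if err := xml.Unmarshal(metadata, &ed); err != nil {
		return "", err
	}
	if ed.EntityID == "" {
		return "", errors.New("metadata has no entityID")
	}
	return ed.EntityID, nil
}

// issuerMatches compares the response's Issuer element with the expected issuer.
func issuerMatches(resp []byte, expected string) (bool, error) {
	var r struct {
		Issuer string `xml:"urn:oasis:names:tc:SAML:2.0:assertion Issuer"`
	}
	if err := xml.Unmarshal(resp, &r); err != nil {
		return false, err
	}
	return r.Issuer != "" && r.Issuer == expected, nil
}

func main() {
	exp, _ := expectedIssuer([]byte(sampleMetadata))
	byEntityID, _ := issuerMatches([]byte(sampleResponse), exp)
	byURL, _ := issuerMatches([]byte(sampleResponse), metadataURL)
	fmt.Println(exp, byEntityID, byURL)
}
```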