Hello everyone, I’m using Keycloak as a SAML Service provider and Layer7 SiteMinder as a SAML Identity provider.
The classic SP Initiated SAML flow is working without any issue, but I have a use case where I need to use an IDP initiated flow.
When I use this flow, Keycloak gives me the following error:
In the server log I got the following error messages:
So from my point of view, this is because in the IDP initiated flow the IDP doesn’t consume the SAML Authentication Request from Keycloak. The IDP generates a SAML Response without the InResponseTo="ID_**" value containing the ID of the transaction Keycloak sent in the initial SAML Authentication Request, and Keycloak rejects the SAML Response.
Is this normal behavior? This flow is working on RHSSO 7.3 (Keycloak 4.8.18).
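
The distinction described in the post, as an added example that is not part of the original post and is not Keycloak's code: a minimal SP-side check that treats a SAML Response as solicited or unsolicited according to its InResponseTo attribute. The URLs, request IDs, function name and the `allow_unsolicited` switch are constructed for illustration, and signature validation (which must come first in a real service provider) is assumed to have already passed.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": SAMLP, "saml": SAML}

# Constructed sample: an IdP-initiated (unsolicited) response has no InResponseTo.
UNSOLICITED = f"""<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_r1" Version="2.0">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://sp.example.test/acs"/>
    </saml:SubjectConfirmation></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Constructed sample: an SP-initiated response echoes the AuthnRequest ID.
SOLICITED = UNSOLICITED.replace('ID="_r1"', 'ID="_r2" InResponseTo="ID_abc123"').replace(
    "<saml:SubjectConfirmationData ", '<saml:SubjectConfirmationData InResponseTo="ID_abc123" ')


def check_in_response_to(xml_text, pending_ids, allow_unsolicited=False):
    """Return (accepted, reason). pending_ids: IDs of AuthnRequests the SP sent.

    Assumes the XML signature was already validated by the caller.
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}Response":
        return False, "not a samlp:Response"
    irt = root.get("InResponseTo")
    scd = [e.get("InResponseTo") for e in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if irt is None:
        # Unsolicited: no element may claim to answer a request.
        if any(v is not None for v in scd):
            return False, "SubjectConfirmationData has InResponseTo but Response does not"
        if allow_unsolicited:
            return True, "unsolicited response accepted by policy"
        return False, "unsolicited response rejected by policy"
    if irt not in pending_ids:
        return False, "InResponseTo does not match a pending AuthnRequest"
    if any(v is not None and v != irt for v in scd):
        return False, "SubjectConfirmationData InResponseTo mismatch"
    pending_ids.discard(irt)  # one-time use: a replayed response no longer matches
    return True, "solicited response matches pending AuthnRequest"
```
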