[KEYCLOAK-3373] SAML IdP Metadata retrieval is inconsistent - Red Hat Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Done
Affects Version/s: 1.9.8.Final
Fix Version/s: 6.0.0
Component/s: SAML
Labels:
- team-puma

Sprint:
Keycloak Sprint 19
Story Points:
5

Description

The discussion as of Jan 2019 results into:

Remove "SAML Metadata ISPSSODescriptor" option from Client Installation tab
Add a link to the SAML IDP descriptor URL under the realm settings as we do for OIDC well-known endpoint.

Original description:
There are (at least) two ways to retrieve the IdP's metadata.

1. Do a get on auth/realms/{realm}/protocol/saml/descriptor
2. Use the Installation tab on the realms SAML client and select "SAML Metadata ISPSSODescriptor"

The metadata returned should be semantically the same but they are not. Attached are two metadata files, one for each method.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

client-tailored-saml-idp-metadata.xml
2 kB
2016/07/29 8:22 AM
idp_metadata.xml
4 kB
2016/07/29 8:23 AM

Issue Links

is duplicated by

KEYCLOAK-8537 IDPSSODescriptor from installation tab omits HTTP-Redirect SingleLogoutService but is present in IDPSSODescriptor retrieved via REST

Closed

is related to

KEYCLOAK-8639 Support RelayState in POST endpoint for SAML IdP-initiated Identity Brokering

Closed

Sub-Tasks

1.	Remove "SAML Metadata ISPSSODescriptor" option from Client Installation tab		Closed		Unassigned
2.	Link to the SAML IDP descriptor URL		Closed		Unassigned

Activity

People

Assignee:: Hynek Mlnařík

Reporter:: John Dennis (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2016/07/29 8:24 AM

Updated:: 2019/05/10 2:36 AM

Resolved:: 2019/03/19 6:37 AM