Bug
Resolution: Done
Major
RH-SSO-7.1.1.GA
We've been testing SSO solutions recently, and today I tried logging in using Enhanced Client and Proxy with a simple REST client (Postman). I used two servers: a regular EAP 7 JBoss with the SAML adapter add-on (SP) and an RH SSO server (IdP). My intended approach was to do the following:
1. Connect to SP with these headers:
Accept: text/html;application/vnd.paos+xml
PAOS: ver="urn:liberty:paos:2003-08";"urn:oasis:names:tc:SAML:2.0.profiles:SSO:ecp"
2. POST the response from the SP to the IdP with basic authorization (username/password)
3. POST the response from the IdP to the SP
4. By now the session cookie is set up so I will have access to the protected resource.
However, I could not complete step 1 since I got a 500 error in return. The logs on the SP reveal the following stack trace:
2017-07-13 10:07:27,976 ERROR [io.undertow.request] (default task-40) UT005023: Exception handling request to /rest/v1/ping: java.lang.NoClassDefFoundError: javax/xml/soap/MessageFactory
at org.keycloak.adapters.saml.profile.ecp.EcpAuthenticationHandler$1.sendAuthnRequest(EcpAuthenticationHandler.java:113) [keycloak-saml-adapter-core-2.5.7.Final-redhat-2.jar:2.5.7.Final-redhat-2]
at org.keycloak.adapters.saml.AbstractInitiateLogin.challenge(AbstractInitiateLogin.java:61) [keycloak-saml-adapter-core-2.5.7.Final-redhat-2.jar:2.5.7.Final-redhat-2]
at org.keycloak.adapters.saml.undertow.AbstractSamlAuthMech.sendChallenge(AbstractSamlAuthMech.java:59) [keycloak-saml-undertow-adapter-2.5.7.Final-redhat-2.jar:2.5.7.Final-redhat-2]
at io.undertow.security.impl.SecurityContextImpl$ChallengeSender.transition(SecurityContextImpl.java:295) [undertow-core-1.3.25.Final-redhat-1.jar:1.3.25.Final-redhat-1]
I added this dependency
<module name="javax.xml.soap.api"/>
to
modules\system\add-ons\keycloak\org\keycloak\keycloak-saml-adapter-core\main\module.xml
and then my described approach worked.
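
The message handling a client performs in steps 2 and 3, as an added example that is not part of the original report and is not Keycloak code. It relays only the SOAP body and applies the SAML 2.0 ECP profile's check that the IdP's AssertionConsumerServiceURL matches the SP's responseConsumerURL. The hosts, sample messages and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"soap": "http://schemas.xmlsoap.org/soap/envelope/",
      "paos": "urn:liberty:paos:2003-08",
      "ecp": "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"}
ENV = ('<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" '
       'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
       'xmlns:paos="urn:liberty:paos:2003-08" '
       'xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp">'
       '<soap:Header>%s</soap:Header><soap:Body>%s</soap:Body></soap:Envelope>')

# Constructed sample messages: hypothetical hosts, SAML payloads trimmed to stubs.
SP_PAOS_REQUEST = ENV % (
    '<paos:Request responseConsumerURL="https://sp.example/app/saml" '
    'service="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>',
    '<samlp:AuthnRequest ID="_constructed1" Version="2.0"/>')
IDP_GOOD = ENV % (
    '<ecp:Response AssertionConsumerServiceURL="https://sp.example/app/saml"/>',
    '<samlp:Response ID="_constructed2" Version="2.0"/>')
IDP_BAD = IDP_GOOD.replace("sp.example", "other.example")

def parse(xml_text):
    # ElementTree expands internal entities, so refuse any DTD up front.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed in SOAP message")
    return ET.fromstring(xml_text)

def header_attr(env, tag, attr):
    """Return attr of the named SOAP header block, or None if absent."""
    block = env.find("soap:Header/" + tag, NS)
    return None if block is None else block.get(attr)

def strip_header(env):
    """Drop the SOAP header so only the body is relayed onward."""
    header = env.find("soap:Header", NS)
    if header is not None:
        env.remove(header)
    return ET.tostring(env, encoding="unicode")

def to_idp_message(sp_xml):
    """Step 2: keep the URL the SP asked for, forward only the SOAP body."""
    env = parse(sp_xml)
    url = header_attr(env, "paos:Request", "responseConsumerURL")
    if not url:
        raise ValueError("SP reply is not a PAOS request")
    return strip_header(env), url

def to_sp_message(idp_xml, expected_url):
    """Step 3: relay only if the IdP names the same consumer URL."""
    env = parse(idp_xml)
    acs = header_attr(env, "ecp:Response", "AssertionConsumerServiceURL")
    if acs != expected_url:
        raise ValueError("consumer URL mismatch: %r" % acs)
    return strip_header(env)
```

The constructed samples carry no ecp:RelayState, so none is echoed back to the SP here.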