Logout: Shibboleth SP to Keycloak IDP
Nate Klingenstein
ndk at signet.id
Wed Jun 23 21:47:15 UTC 2021
Joshua,
Presuming it's your primary authentication mechanism, all that needs to be done is that their metadata as loaded by the SP must include:
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://<keycloak_host>/auth/realms/<realm_name>/protocol/saml"/>
And SAML2 needs to be in the <Logout> element, as it is in the stock configuration distributed by the Project.
https://wiki.shibboleth.net/confluence/display/SP3/SAML2+LogoutInitiator
I haven't actually done this integration myself, but if they're following the standards, things should work. If they aren't, we'll find out.
Take care,
Nate.
--------
Signet, Inc.
The Art of Access ®
https://www.signet.id
-----Original message-----
From: Joshua Brodie
Sent: Wednesday, June 23 2021, 9:41 pm
To: users
Subject: Logout: Shibboleth SP to Keycloak IDP
I’m trying to initiate a logout from an application (protected by Shibboleth SP) to Keycloak.
Wondering if any on this list may have tips.
For the logout to Keycloak – will be a straight HTTP POST to:
https://<keycloak_host>/auth/realms/<realm_name>/protocol/saml
Thanks.
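
Added example (not part of the original thread, and not code from the Shibboleth or Keycloak projects): a Python check that the two conditions named in the reply hold, i.e. the IdP metadata carries an HTTP-POST SingleLogoutService and the SP's <Logout> element lists SAML2. The host keycloak.example.org, the realm "demo", the SP entityID and both XML samples are constructed for illustration; the https test on the Location is an extra sanity check added here.

```python
import xml.etree.ElementTree as ET  # parse only local files you already trust

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SP_NS = "urn:mace:shibboleth:3.0:native:sp:config"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

def idp_slo_endpoints(metadata_xml):
    """Map Binding -> Location for each SingleLogoutService under an IDPSSODescriptor."""
    root = ET.fromstring(metadata_xml)
    path = f".//{{{MD_NS}}}IDPSSODescriptor/{{{MD_NS}}}SingleLogoutService"
    return {e.get("Binding"): e.get("Location") for e in root.iterfind(path)}

def sp_logout_protocols(sp_config_xml):
    """Return the protocol tokens listed in the SP's <Logout> element."""
    logout = ET.fromstring(sp_config_xml).find(f".//{{{SP_NS}}}Logout")
    return (logout.text or "").split() if logout is not None else []

def check_logout_setup(metadata_xml, sp_config_xml):
    """Return a list of problems; an empty list means both conditions are met."""
    problems = []
    slo = idp_slo_endpoints(metadata_xml)
    if POST not in slo:
        problems.append("IdP metadata has no HTTP-POST SingleLogoutService")
    elif not (slo[POST] or "").startswith("https://"):
        problems.append("SingleLogoutService Location is not https")
    if "SAML2" not in sp_logout_protocols(sp_config_xml):
        problems.append("<Logout> in SP config does not list SAML2")
    return problems

# Constructed sample inputs (placeholder host, realm and entityIDs).
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://keycloak.example.org/auth/realms/demo">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://keycloak.example.org/auth/realms/demo/protocol/saml"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

SAMPLE_SP_CONFIG = """<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth">
    <Sessions><Logout>SAML2 Local</Logout></Sessions>
  </ApplicationDefaults>
</SPConfig>"""

if __name__ == "__main__":
    issues = check_logout_setup(SAMPLE_METADATA, SAMPLE_SP_CONFIG)
    print(issues or "logout configuration looks complete")
```

To use it on a real deployment, pass the contents of the metadata file the SP actually loads and of shibboleth2.xml in place of the two samples.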