Hello @all, I am using Keycloak as an identity broker. I implemented 2 clients: one uses openid-connect and the other uses the SAML protocol.
On the client's end, he has to append /clients/client_name to the ACS URL while configuring IDP-initiated SSO.
But I want the IDP-initiated SSO flow to work alongside SP-initiated SSO from the same app. However, the ACS URL assertion is failing on the IDP's end.
Invalid request, ACS Url in request https://domain.com/auth/realms/d70b9434a17de90b9ad940ee4fe35661/broker/gsuite/endpoint doesn't match configured ACS Url https://domain.com/auth/realms/d70b9434a17de90b9ad940ee4fe35661/broker/gsuite/endpoint/clients/idp_initiated.
Is it standard to have separate apps for SP-initiated and IDP-initiated SSO? If not, how can I implement it so that both work with the same app?