Is it possible for Keycloak to be used as an IDP and a PHP application as an SP?


I imported this PHP project into Eclipse (master branch; the contents of the demo1 folder).

Goal: I want to integrate a login SSO demo in PHP using Keycloak with SAML.

First of all, is it possible for Keycloak to be used as an Identity Provider (IDP) and a PHP application as a Service Provider (SP)?

I have already configured a settings file and Keycloak's configuration. But I have not added a client-id anywhere in my Eclipse project; I don't know where to add it!

```php
<?php

$spBaseUrl = 'http://localhost:8080'; // or http://<your_domain>

// The ACS URL is a combination of the Secure Token Server subsystem address, its port number for handling SAML messages, the SAML binding,
// and any necessary information that is specific for CIC or ICWS.

$settingsInfo = array(
    'sp' => array(
        'entityId' => $spBaseUrl.'/demo1/metadata.php',
        'assertionConsumerService' => array(
            'url' => $spBaseUrl.'/demo1/index.php?acs',
        ),
        'singleLogoutService' => array(
            'url' => $spBaseUrl.'/demo1/index.php?sls',
        ),
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
    ),
    'idp' => array(
        'entityId' => 'http://localhost:8080/auth/realms/Lifetrenz',
        'singleSignOnService' => array(
            'url' => 'http://localhost:8080/auth/realms/Lifetrenz/protocol/saml',
        ),
        'singleLogoutService' => array(
            'url' => 'http://localhost:8080/auth/realms/Lifetrenz/protocol/saml',
        ),
        'x509cert' => '<IdP signing certificate omitted from the post>',
    ),
);
```

But when I hit index.php, and when it redirects to the Keycloak login provider page, I'm getting "Unknown login requester".

Obviously, because I have not configured a Keycloak client-id!

There is 1 answer

Answer by Leonid Shumakov

Client ID in Keycloak needs to be equal to entityId in your site/metadata.

It means you need to configure your Keycloak (Clients section) to be in sync with your metadata. If your entityId is the metadata URL, your Keycloak Client ID needs to be the same URL.

Official guide: https://www.keycloak.org/docs/latest/server_admin/#saml-clients
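An added example (not from the question or the answer) that shows the mechanism behind the accepted fix: php-saml places the SP entityId in the `<saml:Issuer>` of the AuthnRequest, and the IdP resolves the client by matching that value against a SAML client's Client ID, so a missing or differently spelled Client ID yields "Unknown login requester". The `resolve_client` and `check_sp_config` functions are a constructed model of that lookup (the ACS-against-Valid-Redirect-URIs check is an assumption about the IdP's second validation step), and the values come from the question's `$settingsInfo`.

```python
import xml.etree.ElementTree as ET
from typing import Optional

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Same values as the question's $settingsInfo['sp'] (certificate omitted).
SP_SETTINGS = {
    "entityId": "http://localhost:8080/demo1/metadata.php",
    "acs_url": "http://localhost:8080/demo1/index.php?acs",
}
IDP_SSO_URL = "http://localhost:8080/auth/realms/Lifetrenz/protocol/saml"


def build_authn_request(sp: dict, idp_sso_url: str, request_id: str = "_demo1") -> str:
    """Minimal, unsigned AuthnRequest of the shape an SP library sends (constructed)."""
    return (
        f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'ID="{request_id}" Version="2.0" Destination="{idp_sso_url}" '
        f'AssertionConsumerServiceURL="{sp["acs_url"]}">'
        f'<saml:Issuer>{sp["entityId"]}</saml:Issuer>'
        f'</samlp:AuthnRequest>'
    )


def resolve_client(authn_request_xml: str, registered_clients: dict) -> Optional[str]:
    """Model of the IdP-side lookup: Issuer must equal a registered Client ID exactly.
    None corresponds to the "Unknown login requester" error from the question."""
    root = ET.fromstring(authn_request_xml)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    return issuer if issuer in registered_clients else None


def _uri_allowed(uri: str, patterns: list) -> bool:
    """Trailing-'*' wildcard matching, as used in Keycloak's Valid Redirect URIs."""
    return any(uri == p or (p.endswith("*") and uri.startswith(p[:-1])) for p in patterns)


def check_sp_config(sp: dict, registered_clients: dict) -> list:
    """Pre-flight checks to run before hitting index.php; returns a list of problems."""
    problems = []
    client = registered_clients.get(sp["entityId"])
    if client is None:
        problems.append(f"no SAML client whose Client ID is {sp['entityId']!r}")
    elif not _uri_allowed(sp["acs_url"], client.get("redirectUris", [])):
        problems.append(f"ACS URL {sp['acs_url']!r} is not covered by the client's Valid Redirect URIs")
    return problems
```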