2

I want to set up an SSO solution using Keycloak 10.0.2 as the Identity Provider. The first application I want to set up is AWS.

I followed this tutorial to enable Keycloak to sign me in using SAML. I noticed that this tutorial guides me to download the "SAML Metadata IDPSSODescriptor" from the client's "Installation" tab. However, I can only choose "SAML Metadata SPSSODescriptor".

In AWS, I entered the name of my realm as "Provider Name" and imported the SPSSODescriptor. This led to the following error: SAML Providers must reference at least one SAML assertion issuer.

user540468

2 Answers

3

In the downloaded XML file, change SPSSODescriptor to IDPSSODescriptor for both the opening and closing tags. Also, entityID should be "https://KEYCLOAK-URL/auth/realms/YOUR-REALMS-NAME"

0

Use the command:

wget https://KEYCLOAK-URL/auth/realms/YOUR-REALMS-NAME/protocol/saml/descriptor 

and upload the descriptor.
kenlukas
jobycxa
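A pre-upload check for the metadata file discussed in the question and answers above, as an added example that is not part of either answer: it parses the file and reports whether it contains an IDPSSODescriptor, the expected entityID, a SingleSignOnService endpoint and a certificate. The function name `check_idp_metadata`, the two sample documents and the placeholder certificate are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def check_idp_metadata(xml_text, expected_entity_id):
    """Return a list of problems; an empty list means the file describes an IdP."""
    root = ET.fromstring(xml_text)
    # iter() also matches the root, so a bare EntityDescriptor and one
    # wrapped in EntitiesDescriptor are both handled.
    entities = list(root.iter(MD + "EntityDescriptor"))
    if not entities:
        return ["no EntityDescriptor element found"]
    problems = []
    for ent in entities:
        idp = ent.find(MD + "IDPSSODescriptor")
        if idp is None:
            roles = [c.tag.split("}")[-1] for c in ent if c.tag.endswith("SSODescriptor")]
            problems.append(f"no IDPSSODescriptor (roles present: {roles})")
            continue
        if ent.get("entityID") != expected_entity_id:
            problems.append(f"unexpected entityID: {ent.get('entityID')!r}")
        if idp.find(MD + "SingleSignOnService") is None:
            problems.append("IDPSSODescriptor has no SingleSignOnService")
        if not (idp.findtext(f".//{DS}X509Certificate") or "").strip():
            problems.append("IDPSSODescriptor has no X509Certificate")
    return problems

# Constructed samples (not real metadata); the certificate is a placeholder.
ENTITY_ID = "https://KEYCLOAK-URL/auth/realms/YOUR-REALMS-NAME"
PROTO = 'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"'
SP_SAMPLE = f'''<EntityDescriptor xmlns="{MD[1:-1]}" entityID="urn:amazon:webservices">
  <SPSSODescriptor {PROTO}/>
</EntityDescriptor>'''
IDP_SAMPLE = f'''<EntitiesDescriptor xmlns="{MD[1:-1]}">
  <EntityDescriptor entityID="{ENTITY_ID}">
    <IDPSSODescriptor {PROTO}>
      <KeyDescriptor use="signing"><KeyInfo xmlns="{DS[1:-1]}"><X509Data>
        <X509Certificate>CONSTRUCTED-PLACEHOLDER</X509Certificate>
      </X509Data></KeyInfo></KeyDescriptor>
      <SingleSignOnService Location="{ENTITY_ID}/protocol/saml"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
    </IDPSSODescriptor>
  </EntityDescriptor>
</EntitiesDescriptor>'''

if __name__ == "__main__":
    print("SP file: ", check_idp_metadata(SP_SAMPLE, ENTITY_ID))
    print("IdP file:", check_idp_metadata(IDP_SAMPLE, ENTITY_ID))
```

To check a real file, pass its contents and your realm's entityID to `check_idp_metadata` before uploading it to AWS.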