diff --git a/services/src/main/java/org/keycloak/protocol/saml/SamlService.java b/services/src/main/java/org/keycloak/protocol/saml/SamlService.java
index 566ef3e1d7..78e806adfa 100755
--- a/services/src/main/java/org/keycloak/protocol/saml/SamlService.java
+++ b/services/src/main/java/org/keycloak/protocol/saml/SamlService.java
@@ -636,6 +636,8 @@ public class SamlService extends AuthorizationEndpointBase {
return ErrorPage.error(session, null, Response.Status.BAD_REQUEST, Messages.INVALID_REDIRECT_URI);
}
+ session.getContext().setClient(client);
+
AuthenticationSessionModel authSession = getOrCreateLoginSessionForIdpInitiatedSso(this.session, this.realm, client, relayState);
return newBrowserAuthentication(authSession, false, false);
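Review bot: The added `session.getContext().setClient(client);` carries no comment explaining why the client must be bound to the request context at this exact point, and the placement is significant. It runs after the redirect-URI check, so the `ErrorPage.error(...)` return above is still rendered with no client in context, and before `getOrCreateLoginSessionForIdpInitiatedSso(...)`. I would add something like `// Bind the resolved client to the request context before the auth session is created; later login steps presumably read it from there.` The method starts outside this hunk, so I cannot confirm that `client` has already been validated (non-null, enabled, SAML protocol) before this line; that is worth verifying, since everything downstream will now treat it as the active client.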
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlIdPInitiatedSsoTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlIdPInitiatedSsoTest.java
index bf136fd74e..f1f5bf17b2 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlIdPInitiatedSsoTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlIdPInitiatedSsoTest.java
@@ -1,8 +1,3 @@
-/*
- * To change this license header, choose License Headers in Project Properties.
- * To change this template file, choose Tools | Templates
- * and open the template in the editor.
- */
package org.keycloak.testsuite.broker;
import org.keycloak.admin.client.resource.ClientsResource;
@@ -145,6 +140,10 @@ public class KcSamlIdPInitiatedSsoTest extends AbstractKeycloakTest {
return getAuthRoot() + "/auth/realms/" + realmName + "/broker/saml-leaf/endpoint/clients/" + samlIdpInitiatedSsoUrlName;
}
+ private String getSamlBrokerUrl(String realmName) {
+ return getAuthRoot() + "/auth/realms/" + realmName + "/broker/saml-leaf/endpoint";
+ }
+
private void waitForPage(final String title) {
WebDriverWait wait = new WebDriverWait(driver, 5);
@@ -181,6 +180,41 @@ public class KcSamlIdPInitiatedSsoTest extends AbstractKeycloakTest {
assertThat(resp.getDestination(), is("http://localhost:8180/auth/realms/" + REALM_CONS_NAME + "/app/auth"));
}
+ @Test
+ public void testConsumerIdpInitiatedLoginToApp() {
+ SAMLDocumentHolder samlResponse = new SamlClientBuilder()
+ .navigateTo(getSamlIdpInitiatedUrl(REALM_CONS_NAME, "sales"))
+ // Request login via saml-leaf
+ .login().idp("saml-leaf").build()
+
+ .processSamlResponse(Binding.POST) // AuthnRequest to producer IdP
+ .targetAttributeSamlRequest()
+ .build()
+
+ // Login in provider realm
+ .login().user(PROVIDER_REALM_USER_NAME, PROVIDER_REALM_USER_PASSWORD).build()
+
+ // Send the response to the consumer realm
+ .processSamlResponse(Binding.POST)
+ .transformObject(ob -> {
+ assertThat(ob, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
+ ResponseType resp = (ResponseType) ob;
+ assertThat(resp.getDestination(), is(getSamlBrokerUrl(REALM_CONS_NAME)));
+ return ob;
+ })
+ .build()
+
+ .updateProfile().username(CONSUMER_CHOSEN_USERNAME).email("test@localhost").firstName("Firstname").lastName("Lastname").build()
+ .followOneRedirect()
+
+ // Obtain the response sent to the app
+ .getSamlResponse(Binding.POST);
+
+ assertThat(samlResponse.getSamlObject(), Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
+ ResponseType resp = (ResponseType) samlResponse.getSamlObject();
+ assertThat(resp.getDestination(), is("http://localhost:8180/auth/realms/" + REALM_CONS_NAME + "/app/auth"));
+ }
+
@Test
public void testTwoConsequentIdpInitiatedLogins() {
SAMLDocumentHolder samlResponse = new SamlClientBuilder()
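Review bot: The new `testConsumerIdpInitiatedLoginToApp` depends on the first-broker-login page being shown (`.updateProfile().username(CONSUMER_CHOSEN_USERNAME)...`), which presumably only happens while no federated user for that account exists in the consumer realm. No cleanup is visible in this hunk, so please confirm the class removes that user between tests; otherwise the test is order-dependent. The final assertion also hard-codes `"http://localhost:8180/auth/realms/"`, whereas the broker destination check goes through `getSamlBrokerUrl(...)` and `getAuthRoot()`. If the app destination is a fixed value from the client's configuration, a one-line comment saying so would explain the difference. Since the change in `SamlService` appears to concern which client is bound to the login, asserting something client-specific on the final response, beyond status and Destination, would tighten the regression coverage.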
diff --git a/testsuite/integration-arquillian/tests/pom.xml b/testsuite/integration-arquillian/tests/pom.xml
index ca46734425..2af22bea8d 100755
--- a/testsuite/integration-arquillian/tests/pom.xml
+++ b/testsuite/integration-arquillian/tests/pom.xml
@@ -377,6 +377,12 @@
org.wildfly.arquillian
wildfly-arquillian-container-remote
+
+ org.wildfly.core
+ wildfly-cli
+ test
+ ${wildfly.core.version}
+