Keycloak IdP SAML 2 Export of XML metdata to an SP
Sometimes it's a good thing to specify in writing what you need - which I did here on Stack Overflow.
I found the URL to where on Keycloak one can export the IdP XML
https://keycloak-url/realms/{REALM-NAME}/protocol/saml/descriptor
That gave me the IDPSSODescriptor.
I'll leave this thread here, so people can benefit from my mistakes.
Since Keycloak 3.x, IdP XML descriptor needs /auth/ after keycloak-url
https://{KEYCLOAK-URL}/auth/realms/{REALM-NAME}/protocol/saml/descriptor
The original poster is correct that the option SAML Metadata IDPSSODescriptor
is no longer available on Keycloak 6.0.1
One change to make is when you use the URL https://{KEYCLOAK-URL}/auth/realms/{REALM-NAME}/protocol/saml/descriptor
, Rancher expects the root element to be EntityDescriptor
so you need to remove EntitiesDescriptor
and copy the namespaces from the root element.
i.e.
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" entityID="https://{KEYCLOAK-URL}/auth/realms/{REALM-NAME}">
....
</EntityDescriptor>