Timo, did you succeed ? I also struggled to integrate Zammad with Keycloak and OIDC, but eventually got it working after modifying oauth2_database.rb as described by fgaillard, while adjusting the UserInfo endpoint URL.
Not yet. I have modified oauth2_database.rb file like fgaillard described. But when I try to login zammad I get following error from zammad " 422: The change you wanted was rejected. Message from oauth2: invalid_credentials". I am not sure if my dev enviroment could affect to that because I don’t have https in use (only http). Next I try on our prod enviroment where we have https certificates in use
someone using actual Zammad version 2.9 with Keycloak?
I tried to do this. But after modifying the file oauth2_database.rb, zammad is not started anymore. Unfortunately no error message in the log.
Logfile:
I, [2019-05-24T18:24:44.951851 #30373-47097529438040] INFO – : Setting.set(‘product_logo’, “e1bcceb4310ab11f0703570d79d3297f.png”)
I, [2019-05-24T18:24:44.996864 #30317-47336712679260] INFO – : Setting.set(‘product_logo’, “e1bcceb4310ab11f0703570d79d3297f.png”)
I, [2019-05-24T18:24:54.541605 #30407-47368826384200] INFO – : Setting.set(‘product_logo’, “e1bcceb4310ab11f0703570d79d3297f.png”)
I, [2019-05-24T18:24:54.685129 #30439-46984700465000] INFO – : Setting.set(‘product_logo’, “e1bcceb4310ab11f0703570d79d3297f.png”)
I, [2019-05-24T18:24:54.721180 #30438-46982998912840] INFO – : Setting.set(‘product_logo’, “e1bcceb4310ab11f0703570d79d3297f.png”)
I, [2019-05-24T18:25:04.130981 #30513-47108753452880] INFO – : Setting.set(‘product_logo’, “e1bcceb4310ab11f0703570d79d3297f.png”)
I, [2019-05-24T18:25:04.356646 #30533-46946074996560] INFO – : Setting.set(‘product_logo’, “e1bcceb4310ab11f0703570d79d3297f.png”)
I, [2019-05-24T18:25:04.482935 #30571-47150401810260] INFO – : Setting.set(‘product_logo’, “e1bcceb4310ab11f0703570d79d3297f.png”)
I, [2019-05-24T18:25:13.847471 #30608-47298343087960] INFO – : Setting.set(‘product_logo’, “e1bcceb4310ab11f0703570d79d3297f.png”)
I, [2019-05-24T18:25:14.182459 #30638-47167214907240] INFO – : Setting.set(‘product_logo’, “e1bcceb4310ab11f0703570d79d3297f.png”)
I, [2019-05-24T18:25:14.332937 #30639-47454637977420] INFO – : Setting.set(‘product_logo’, “e1bcceb4310ab11f0703570d79d3297f.png”)
I, [2019-05-24T18:25:23.294963 #30707-47458085220180] INFO – : Setting.set(‘product_logo’, “e1bcceb4310ab11f0703570d79d3297f.png”)
I, [2019-05-24T18:25:23.486196 #30736-46950055022440] INFO – : Setting.set(‘product_logo’, “e1bcceb4310ab11f0703570d79d3297f.png”)
I, [2019-05-24T18:25:23.957967 #30764-47448598237020] INFO – : Setting.set(‘product_logo’, “e1bcceb4310ab11f0703570d79d3297f.png”)
I, [2019-05-24T18:25:32.788838 #30806-47069437874000] INFO – : Setting.set(‘product_logo’, “e1bcceb4310ab11f0703570d79d3297f.png”)
I, [2019-05-24T18:25:32.860718 #30805-47423005708120] INFO – : Setting.set(‘product_logo’, “e1bcceb4310ab11f0703570d79d3297f.png”)
I, [2019-05-24T18:25:33.743286 #30864-47119643750240] INFO – : Setting.set(‘product_logo’, “e1bcceb4310ab11f0703570d79d3297f.png”)
…
Did you ensure that the formatting is correct? Ruby is very picky about that. One “Tab” would be 3 spacings. If Zammad doesn’t start, that’s a sign that formatting is wrong.
Thanks for your hints! I got Keycloak with openid connect protocol to work with Zammad. Great!!
When doing the first login using Keycloak, Zammad creates a new user. Login token is not email but the Keycloak User ID. There is no way to edit this in order to give this ID to an eyxisting user. Or did I miss something?
Hey there! I just want to share the news here that Zammad 3.2 will support SAML authentication out of the box without the need to change files. We had great support from @carl2187 who verified that Keycloak integration works as expected.