SAML Keycloak – Invalid Request

Infos:

  • Used Zammad version: 3.2.0-10
  • Used Zammad installation source: zammad/zammad-docker-compose
  • Used Keycloak version: 8.0.1
  • Operating system: Mac OS X 10.15
  • Browser + version: Firefox/71.0
  • Running Zammad behind a nginx reverse proxy
  • Host running Zammad: https://help.innowo.info

Expected behavior:

I want to set up SAML login with Keycloak. I followed the documentation at https://admin-docs.zammad.org/en/latest/settings/security/third-party/saml.html

I expected the behaviour that I can log in with SAML via Keycloak.

Actual behavior:

After pressing the SAML login button, I get redirected to my Keycloak site. The site is telling me “Invalid Request”.

Steps to reproduce the behavior:

I checked my Zammad config:

Here are the log files of Keycloak, Nginx & the Rails server
https://pastebin.com/77zf1ZuS

My Nginx config
https://pastebin.com/8zqiZLdU

My Docker Compose Config
https://pastebin.com/aiZBcSrN

I can’t really figure out what I missed or did wrong. Does anybody have an idea or solution? I would be very pleased.

I was able to fix the problem myself. I changed one configuration in my Keycloak client setup.

Changed the following:
Client Signature Required from on to off

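Now I’m able to log in as expected.

P.S. If anybody is interested in how to provide the complete name (first and last name) in Keycloak: use a JavaScript mapper and take the following code:

// Keycloak script mapper: build the full name from the user's first and last name
var firstname = user.getFirstName();
var lastname = user.getLastName();
var fullname = firstname + ' ' + lastname;

// The value assigned to exports becomes the mapped attribute value
exports = fullname;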

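With Client Signature Required switched on, Keycloak expects the SAML requests it receives from the client to be signed, so a quick diagnostic for this kind of "Invalid Request" is to decode the login redirect and see whether it carries a signature at all. The script below is an added example, not part of the original posts or of Zammad or Keycloak: it decodes the `SAMLRequest` of an HTTP-Redirect login URL and reports whether a signature is present (presence only, it does not verify it). The hosts, realm name and sample request are constructed, and that the request in this thread was unsigned is an assumption inferred from the fix.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

def inspect_authn_request(redirect_url):
    """Decode the SAMLRequest of an HTTP-Redirect login URL and report signing."""
    params = parse_qs(urlsplit(redirect_url).query)
    if "SAMLRequest" not in params:
        raise ValueError("no SAMLRequest parameter in URL")
    # Redirect binding: base64 over raw DEFLATE (no zlib header), hence wbits=-15
    xml = zlib.decompress(base64.b64decode(params["SAMLRequest"][0]), -15)
    root = ET.fromstring(xml)  # for your own captured URLs, not untrusted input
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        raise ValueError("not an AuthnRequest: " + root.tag)
    return {
        "issuer": root.findtext(f"{{{SAML_NS}}}Issuer"),
        "acs_url": root.get("AssertionConsumerServiceURL"),
        # Redirect binding carries the signature in the query string
        "query_signature": "Signature" in params and "SigAlg" in params,
        # Enveloped <ds:Signature> inside the message (POST binding style)
        "xml_signature": root.find(f"{{{DS_NS}}}Signature") is not None,
    }

def is_signed(info):
    return info["query_signature"] or info["xml_signature"]

def build_sample_url(signed=False):
    """Constructed sample: a minimal AuthnRequest as an SP would send it."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}" xmlns:saml="{SAML_NS}" '
           'ID="_constructed1" Version="2.0" IssueInstant="2020-01-01T00:00:00Z" '
           'AssertionConsumerServiceURL="https://sp.example.test/auth/saml/callback">'
           '<saml:Issuer>https://sp.example.test/auth/saml/metadata</saml:Issuer>'
           '</samlp:AuthnRequest>').encode()
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    query = {"SAMLRequest": base64.b64encode(comp.compress(xml) + comp.flush()).decode()}
    if signed:
        query["SigAlg"] = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
        query["Signature"] = "Q09OU1RSVUNURUQ="  # placeholder, not a real signature
    return "https://idp.example.test/auth/realms/demo/protocol/saml?" + urlencode(query)

if __name__ == "__main__":
    for signed in (False, True):
        info = inspect_authn_request(build_sample_url(signed))
        print(info, "signed" if is_signed(info) else "UNSIGNED")
```

To check a real setup, pass the URL your browser is redirected to after pressing the SAML login button to `inspect_authn_request`.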