SAML Keycloak – Invalid Request


  • Used Zammad version: 3.2.0-10
  • Used Zammad installation source: zammad/zammad-docker-compose
  • Used Keycloak version: 8.0.1
  • Operating system: Mac OS X 10.15
  • Browser + version: Firefox/71.0
  • Running Zammad behind a nginx reverse proxy
  • Host running Zammad:

Expected behavior:

I want to setup SAML Login with Keycloak. I followed the documentation on

I expected the behaviour that I can login with SAML via Keycloak.

Actual behavior:

After pressing the SAML login button, I get redirected to my keycloak site. The site ist telling me “Invalid Request”

Steps to reproduce the behavior:

I checked my Zammad config:

Here are the logfiles of Keycloak, Nginx & the Railserver

My Nginx config

My Docker Compose Config

I can’t really figure out what I missed or did wrong. Does anybody have an idea or solution. I would be very pleased.

I was able to fix the problem myself. I changed one configuration in my Keycloak client setup.

Changed the following:
Client Signature Required from on to off

Now I’m able to login as expected.

P.S. If anybody is interested how to provide the complete name (First- and Lastname) in Keycloak. Use a javascript mapper and take the following code:

var firstname = user.getFirstName();
var lastname = user.getLastName();
var fullname = firstname+' '+lastname;

exports = fullname;

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.