- Used Zammad version: zammad-3.1.0
- Used Zammad installation source: Helm chart
- Operating system: Linux
Hi guys, I’m new to zammad, and I’m following to this guide
to integrate saml authentication with keycloak.
I use this metadata from “https://your.zammad.domain/auth/saml/metadata” to import and create client in Keycloak, and what I see from this file is that it uses the domain with http.
What I’ve done so far is able to get to keycloak server by using SAML option, fill in with username and password. If I set “Valid Redirect URIs” in Keycloak to “https://your.zammad.domain/*”, I got “Invalid redirect uri” message, but if I set it to use http, it’s all fine and eventually redirect to our zammad domain using https, and I find this very confusing. Why it needs to redirect to http domain and eventually get to https domain?
If I login from http, once you done with saml authentication, it redirects to http, and same thing goes to https, it redirects to https. In my nginx configuration, I set the server name to listen to both 443 and 80, but I dont want to login from http, but zammad needs to redirect to http domain just to get to its final destination. If I disable port 80 I will throw the same error “invalid redirect urls”. I dont know whether this is from keycloak configuration or zammad itself. Any idea why this happens ? (Sorry for my bad english)