Zammad metadata https SAML from Keycloak


  • Used Zammad version: zammad-3.1.0
  • Used Zammad installation source: Helm chart
  • Operating system: Linux

Hi guys, I’m new to zammad, and I’m following to this guide

to integrate saml authentication with keycloak.
I use this metadata from “https://your.zammad.domain/auth/saml/metadata” to import and create client in Keycloak, and what I see from this file is that it uses the domain with http.

What I’ve done so far is able to get to keycloak server by using SAML option, fill in with username and password. If I set “Valid Redirect URIs” in Keycloak to “https://your.zammad.domain/*”, I got “Invalid redirect uri” message, but if I set it to use http, it’s all fine and eventually redirect to our zammad domain using https, and I find this very confusing. Why it needs to redirect to http domain and eventually get to https domain?

If I login from http, once you done with saml authentication, it redirects to http, and same thing goes to https, it redirects to https. In my nginx configuration, I set the server name to listen to both 443 and 80, but I dont want to login from http, but zammad needs to redirect to http domain just to get to its final destination. If I disable port 80 I will throw the same error “invalid redirect urls”. I dont know whether this is from keycloak configuration or zammad itself. Any idea why this happens ? (Sorry for my bad english)

You may want to replace your.zammad.domain with the fqdn of your Zammad installation.
Ensure it’s not redirecting. So if your instance operates via HTTPs, use HTTPS - if not, use HTTP

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.