Zammad sends many GET requests to Keycloak

Infos:

  • Used Zammad version: 6.2.0
  • Used Zammad installation type: source
  • Operating system: Ubuntu Focal
  • Browser + version: N/A

Expected behavior:

  • Zammad sends only required requests to Keycloak

Actual behavior:

As those are GET requests, there’s no additional payload and no URL params set.

I’m not sure if this is a bug or just a configuration issue, although there’s not much to configure to get SAML working.

Steps to reproduce the behavior:

  • No idea, maybe setting up SAML with Keycloak is already enough?

Make sure that these callback URLs are actually correct and fitting.
To me at least it looks faulty - the documentation should have you covered:
https://admin-docs.zammad.org/en/latest/settings/security/third-party/saml.html

Same here. I double-checked the config, and according to the mentioned documentation the very same SAML endpoint should be configured, which in turn results in a lot of 400 GET errors.

1 Like

I’ve followed the docs.

Keycloak reports the following error:

Mar 11 14:42:27 keycloak1 keycloak[2145921]: 2024-03-11 14:42:27,650 WARN  [org.keycloak.events] (executor-thread-569) type="LOGIN_ERROR", realmId="8b4fce40-843b-44d5-8d47-ecbd16ad6efc", clientId="null", userId="null", ipAddress="<removed>", error="saml_token_not_found"

I’ve added the Keycloak client via the XML config retrieved from Zammad.

Maybe the Client ID https://zammad.example.com/auth/saml/metadata is wrong? But that’s what can be found within the XML.

This seems to be the overeager TLS verification check request during the initialization phase of the SAML client. We removed the check last week.

2 Likes

Looks like the issue has been resolved for me.

2 Likes
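
Added example, not part of the thread and not Zammad or Keycloak code: a small triage script for Keycloak event logs that separates the pattern quoted above (LOGIN_ERROR with error="saml_token_not_found" and clientId="null") from other login errors, so the probe noise does not bury real failures. The log lines are constructed, the function names are hypothetical, and treating that pattern as a bare request without a SAML message is an assumption based on the thread's description.

```python
import re
from collections import Counter

# Constructed sample lines, modelled on the Keycloak line quoted in the thread.
# IPs, realm name and the second error are illustrative values.
SAMPLE_LOG = """\
Mar 11 14:42:27 keycloak1 keycloak[2145921]: 2024-03-11 14:42:27,650 WARN  [org.keycloak.events] (executor-thread-569) type="LOGIN_ERROR", realmId="example-realm", clientId="null", userId="null", ipAddress="192.0.2.10", error="saml_token_not_found"
Mar 11 14:42:28 keycloak1 keycloak[2145921]: 2024-03-11 14:42:28,102 WARN  [org.keycloak.events] (executor-thread-570) type="LOGIN_ERROR", realmId="example-realm", clientId="null", userId="null", ipAddress="192.0.2.10", error="saml_token_not_found"
Mar 11 14:42:29 keycloak1 keycloak[2145921]: 2024-03-11 14:42:29,311 WARN  [org.keycloak.events] (executor-thread-571) type="LOGIN_ERROR", realmId="example-realm", clientId="null", userId="null", ipAddress="192.0.2.10", error="saml_token_not_found"
Mar 11 14:45:02 keycloak1 keycloak[2145921]: 2024-03-11 14:45:02,004 WARN  [org.keycloak.events] (executor-thread-580) type="LOGIN_ERROR", realmId="example-realm", clientId="https://zammad.example.com/auth/saml/metadata", userId="null", ipAddress="198.51.100.7", error="invalid_user_credentials"
Mar 11 14:45:03 keycloak1 keycloak[2145921]: 2024-03-11 14:45:03,000 INFO  [io.quarkus] (main) unrelated line without event fields
"""

PAIR = re.compile(r'(\w+)="([^"]*)"')


def parse_event(line):
    """Return the key="value" fields of a Keycloak event line, or None."""
    if "[org.keycloak.events]" not in line:
        return None
    return dict(PAIR.findall(line))


def triage(log_text):
    """Split LOGIN_ERROR events into client-less SAML probes and the rest."""
    probes = Counter()   # source IP -> count of bare requests
    other = []           # login errors that deserve a closer look
    for line in log_text.splitlines():
        ev = parse_event(line)
        if not ev or ev.get("type") != "LOGIN_ERROR":
            continue
        # Assumption: no client and no SAML message means a bare GET,
        # as described in the thread, not a failed user login.
        if ev.get("error") == "saml_token_not_found" and ev.get("clientId") == "null":
            probes[ev.get("ipAddress", "unknown")] += 1
        else:
            other.append(ev)
    return probes, other


if __name__ == "__main__":
    probes, other = triage(SAMPLE_LOG)
    for ip, count in probes.most_common():
        print(f"{count:4d} client-less SAML requests from {ip}")
    print(f"{len(other)} other login error(s) to review")
```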