Are you using an HTTP or an HTTPS enabled CloudStack setup?
Hi, I have configured my CloudStack 4.22 to integrate with Keycloak 26.5.5 via SAML.
I have read #4519 and it seems to imply that CloudStack supports both signing and encryption for the SAML payload.
However, to get my Keycloak to work, I need to turn off encryption of the assertions. Else, I will get "Failed to find admin configured username attribute in the SAML Response. Please ask your administrator to check SAML user attribute name." which I think is because CloudStack is not able to decrypt the payload from Keycloak. I am using the key that is provided from getSPMetadata for both signing and encryption in Keycloak.
For the signing, there is a global configuration named "saml2.check.signature". However, even with this turned on, I can still sign in using SAML when the "Client signature required" setting is turned OFF in Keycloak. So I am not sure if the CloudStack "saml2.check.signature" setting is actually enforcing the signature checking requirement.
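An added example, not part of the original post and not CloudStack or Keycloak code: a small Python check that decodes a captured `SAMLResponse` form value (for instance copied from the browser's network tab) and reports whether the response or its assertions carry a signature, whether the assertion arrived encrypted, and which attribute names are readable in cleartext. The function names, the `uid` attribute and the sample documents are constructed for illustration; the check reports only the presence of `ds:Signature` elements and does not validate them.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
XMLNS = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())

# Constructed sample documents (not real Keycloak output), heavily trimmed.
SAMPLE_PLAIN = (
    "<samlp:Response %s><saml:Assertion><saml:AttributeStatement>"
    '<saml:Attribute Name="uid"><saml:AttributeValue>alice</saml:AttributeValue>'
    "</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>" % XMLNS
)
SAMPLE_ENCRYPTED = (
    "<samlp:Response %s><ds:Signature/><saml:EncryptedAssertion/></samlp:Response>" % XMLNS
)

def encode(xml_text):
    """Base64-encode XML the way the HTTP-POST binding carries SAMLResponse."""
    return base64.b64encode(xml_text.encode()).decode()

def inspect_saml_response(b64_response):
    """Summarise what the IdP sent. Presence of ds:Signature is reported,
    not verified; this is a diagnostic, not a signature validator."""
    raw = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD/entity declarations are not expected in SAML")
    root = ET.fromstring(raw)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response: %s" % root.tag)
    assertions = root.findall("saml:Assertion", NS)
    return {
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertions_signed": bool(assertions) and all(
            a.find("ds:Signature", NS) is not None for a in assertions),
        "encrypted_assertions": len(root.findall("saml:EncryptedAssertion", NS)),
        # Attributes inside an EncryptedAssertion are invisible until decrypted.
        "cleartext_attributes": sorted(
            attr.get("Name", "") for a in assertions
            for attr in a.findall("saml:AttributeStatement/saml:Attribute", NS)),
    }

if __name__ == "__main__":
    for name, doc in (("plain", SAMPLE_PLAIN), ("encrypted", SAMPLE_ENCRYPTED)):
        print(name, inspect_saml_response(encode(doc)))
```

A result with `encrypted_assertions` above zero and an empty `cleartext_attributes` list means the username attribute can only be found after successful decryption; a result with both signature fields false means the IdP sent nothing for the service provider to verify.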