cloudstack-users mailing list archives

From "Vogel, Sven" <Sven.Vo...@kupper-computer.com>
Subject SAML / Keycloak (RH SSO) Authentification Problem
Date Thu, 22 Jun 2017 13:19:53 GMT
Hi Team, Hi Rohit,

We are trying to integrate Keycloak as our SAML IdP. We use CS 4.9.2.0.


1. We defined users in LDAP and imported them into Keycloak

2. Created an IDP with Keycloak and http://XXXX:8080/client/api?command=getSPMetadata
Metadata Information
Pictures:
https://mybox.vboxvault.de/invitations?share=3612cd6e2cb0e554c59f&dl=0
https://mybox.vboxvault.de/invitations?share=076085f3415077012d7c&dl=0

3. Map Keycloak username to uid

Pictures:

https://mybox.vboxvault.de/invitations?share=ba578d8c2dd2db3ead6f&dl=0

4. Import users from LDAP and activate them to the SSO instance

Picture:

https://mybox.vboxvault.de/invitations?share=785ee9b0df5ec976f397&dl=0

https://mybox.vboxvault.de/invitations?share=24428f64858526fd4401&dl=0

5. We choose the SAML provider on the CloudStack login page and we are redirected correctly
to the Keycloak login page. We enter our credentials and the redirection back to CloudStack
starts.
After that we get the following error:

---snip
<loginresponse cloud-stack-version="4.9.2.0">
<errorcode>531</errorcode>
<errortext>
Failed to find admin configured username attribute in the SAML Response. Please ask your administrator
to check SAML user attribute name.
</errortext>
</loginresponse>
---snip


6. When we look at a browser trace with a SAML plugin we see a success.

Picture:

https://mybox.vboxvault.de/invitations?share=fa038b7c2b2d4c6f1dcd&dl=0

7. Our SAML CloudStack settings / they seem to be okay
Picture:
https://mybox.vboxvault.de/invitations?share=87fe39bb415461f40154&dl=0


Our web developer tried it with a Simple SAML PHP library, and there everything works with Keycloak.
We checked all values and the uid there. You will see the uid is set correctly. saml2.user.attribute.
Picture
https://mybox.vboxvault.de/invitations?share=c727b8f5dfc678318938&dl=0




Best regards

Sven Vogel
Head of Cloud Solutions
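
Added example, not part of the original message and not CloudStack or Keycloak code: a Python diagnostic that decodes a captured base64 SAMLResponse (such as the one visible in the browser trace of step 6) and reports whether the name set in saml2.user.attribute appears as an attribute's Name, only as its FriendlyName, or not at all, and whether the assertion is encrypted. The function name, report keys and sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def locate_attribute(saml_response_b64, configured_name):
    """Report where configured_name appears in a POST-binding SAMLResponse.

    Diagnostic only: signatures are not validated, so never base a login
    decision on this output. Run it only on responses from your own IdP.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    report = {
        # Attributes inside an EncryptedAssertion are invisible without the SP key.
        "encrypted_assertion": root.find(".//saml:EncryptedAssertion", NS) is not None,
        "as_name": [],            # values where Name == configured_name
        "as_friendly_name": [],   # values where only FriendlyName matches
        "attributes_seen": [],    # (Name, FriendlyName) pairs, in document order
    }
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        name, friendly = attr.get("Name"), attr.get("FriendlyName")
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        report["attributes_seen"].append((name, friendly))
        if name == configured_name:          # exact, case-sensitive comparison
            report["as_name"].extend(values)
        elif friendly == configured_name:
            report["as_friendly_name"].extend(values)
    return report

# Constructed sample response (not taken from the message above).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion><saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.1" FriendlyName="uid">
      <saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email">
      <saml:AttributeValue>jdoe@example.test</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement></saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    print(locate_attribute(SAMPLE_B64, "uid"))
```

An empty `as_name` together with a non-empty `as_friendly_name` means the IdP sends the value under a different Name than the one configured; `encrypted_assertion` being true means the attributes cannot be inspected from the trace alone.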


