Open VincentSC opened 1 year ago
Hello! Thank you for your tutorial. Unfortunately, I cannot use the first step: "Load metadata from https:///auth/realms/master/protocol/saml/descriptor". Please, can you explain what I should fill in these gaps:
Can not use the first step: "Load metadata from https:///auth/realms/master/protocol/saml/descriptor".
I fixed the text. The <domain> and <keycloak-base> parts were removed at some places. I hope you understood that you need to replace these parts with data from your environment. See for example https://www.itsfullofstars.de/2020/02/keycloak-download-saml-2-0-idp-metadata/ how to get the SAML descriptor, if the url does not work.
Do know that this is quite basic knowledge for Keycloak administration. I therefore strongly suggest you read a bit further, to prevent you from making some serious mistakes.
Hello! Thank you for your tutorial. I encountered an endless redirect after successful authorization (user session is displayed in keycloak -> Clients -> Sessions). I analyzed the connection with the SAML-Tracer tool and saw an infinite loop of the following picture.
Can you see any errors? Or maybe you got this error? Thank you very much.
@VincentSC I want to add additional parameters during SSO login, such as kc_idp_hint=github. What should I do?
@YuanZhencai I don't know, as I'm not using that myself. Sorry.
Generally works. Not done yet:
Keycloak
Settings:
https://<domain>/sso/metadata
OnlyOffice
https://<domain>/sso/acs
https://<domain>/sso/acs
https://<domain>/sso/acs
https://<domain>/sso/slo/callback
email
RSA_SHA256 (or RSA_SHA512)
Keys:
Client Scopes:
https://<domain>/sso/metadata-dedicated
OnlyOffice
https://<keycloak-base>/realms/master/protocol/saml/descriptor
email
rsa-sha256 (same as configured in Keycloak)
-----BEGIN CERTIFICATE-----, -----END CERTIFICATE-----, -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY-----, else OnlyOffice will not accept.
urn:oid:2.5.4.42
urn:oid:2.5.4.4
urn:oid:1.2.840.113549.1.9.1
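Added example (not part of the original gist, nor Keycloak or OnlyOffice code): a Python check of the descriptor URL and of a downloaded IdP descriptor against the settings listed above (signing certificate, email NameID format, https endpoints with a real host). The sample XML, the host idp.example.test and both function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample: idp.example.test and the certificate body are placeholders.
SAMPLE_DESCRIPTOR = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://idp.example.test/realms/master">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDERCERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Location="https://idp.example.test/realms/master/protocol/saml"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Location="https://idp.example.test/realms/master/protocol/saml"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def descriptor_url_problem(url):
    """Return why a descriptor/endpoint URL is unusable, or None if it looks complete."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return "scheme must be https"
    if not parts.hostname or "<" in url:  # empty host, or <domain>-style placeholder left in
        return "host missing or placeholder not replaced"
    return None

def check_idp_descriptor(xml_text):
    """Parse IdP metadata and list mismatches with the SP settings on this page."""
    idp = ET.fromstring(xml_text).find("md:IDPSSODescriptor", NS)
    if idp is None:
        return ["no IDPSSODescriptor: not IdP metadata"]
    problems = []
    if not idp.findall("md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS):
        problems.append("no signing certificate")
    formats = [e.text.strip() for e in idp.findall("md:NameIDFormat", NS) if e.text]
    if EMAIL_FORMAT not in formats:
        problems.append("email NameID format not offered")
    for tag in ("SingleSignOnService", "SingleLogoutService"):
        locs = [e.get("Location", "") for e in idp.findall("md:" + tag, NS)]
        if not locs:
            problems.append(tag + " missing")
        problems += [f"{tag}: {p}" for p in map(descriptor_url_problem, locs) if p]
    return problems
```

The sketch trusts the metadata it parses: fetch the descriptor over verified TLS from your own Keycloak, and switch to defusedxml if the XML can come from anywhere else.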
Debugging
In onlyoffice-community-server you'll find the only interesting logging:
Feedback welcome on: