Closed aloco closed 3 years ago
👋
I’ve never used Keycloak, so this one is new to me but it looks interesting!
I am wondering if you used the SP metadata from Keycloak instead of the IdP metadata. The SP and IdP should not have the same Entity ID. That is the unique ID for the provider. Also, the error might hint at this as well, because it's missing items needed to process the SSO (which IdP metadata may have but SP metadata doesn't).
Look at the contents and compare both metadata XML files to see if they are the same. If they are, this confirms the issue.
In Keycloak, you should be able to download their IdP metadata and import that into the Craft plugin.
Hi,
I figured it out. You were right, Keycloak is also generating metadata for the SP, which I wrongly used for the IdP metadata within the plugin. In Keycloak you can find the IdP metadata when you go to "realm settings" -> "general" -> "endpoints". However, the SAML 2.0 Identity Provider Metadata results in an XML file with a list of Entity Descriptors as root element. Therefore the plugin can't parse the XML; you must copy the desired <md:EntityDescriptor> entry from the XML, not the whole file. This might help someone in the future :)
Thank you for the small hint 👍
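The check described in the two comments above, as an added example that is not part of the thread and is not the plugin's code: it accepts metadata whose root is either a list wrapper or a single entity, rejects SP-only metadata, and returns the one IdP `EntityDescriptor` to paste into the plugin. The sample documents and their `example.test` URLs are constructed.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
ET.register_namespace("md", MD)  # keep the md: prefix when re-serialising

# Constructed sample: root is a list wrapper holding one IdP entity.
SAMPLE_IDP = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" Name="urn:keycloak">
  <md:EntityDescriptor entityID="https://idp.example.test/realms/demo">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
          Location="https://idp.example.test/realms/demo/protocol/saml"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

# Constructed sample: SP metadata, the wrong file to import as the IdP.
SAMPLE_SP = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sp.example.test/sso">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/sso/login" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def extract_idp_entity(xml_text):
    """Return (entityID, xml) of the single IdP EntityDescriptor, or raise ValueError."""
    # SAML metadata never needs a DTD; refuse it before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("metadata must not contain a DTD")
    root = ET.fromstring(xml_text)
    if root.tag == f"{{{MD}}}EntitiesDescriptor":
        entities = root.findall(f".//{{{MD}}}EntityDescriptor")
    elif root.tag == f"{{{MD}}}EntityDescriptor":
        entities = [root]
    else:
        raise ValueError(f"unexpected root element {root.tag}")
    # An IdP entity carries IDPSSODescriptor with at least one SingleSignOnService.
    idps = [e for e in entities
            if e.find(f"{{{MD}}}IDPSSODescriptor/{{{MD}}}SingleSignOnService") is not None]
    if not idps:
        raise ValueError("no IDPSSODescriptor with SingleSignOnService (SP metadata?)")
    if len(idps) > 1:
        raise ValueError("several IdP entities found, pick one by entityID")
    return idps[0].get("entityID"), ET.tostring(idps[0], encoding="unicode").strip()
```

Comparing the returned `entityID` with the SP's own Entity ID also catches the mix-up from the first comment, since the two must differ.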
Hi,
thank you for working on this Craft extension!
We would like to use your extension for a variety of projects. Currently I am having difficulties in setting up Craft CMS with a Keycloak IdP. I am sure this is just a matter of configuration, but currently I am lost since I am not experienced with SSO in general and would need some hints to proceed.
I will try to summarize the steps I have taken:
https://xxxxxxxxxxxxxx-cloud.at/sso/login/d972f78f-fa5d-4dd6-a283-a72f8f7128b6
as Valid Redirect URIs
and as Assertion Consumer Service POST Binding URL
https://xxxxxxxxxxxxxx-cloud.at/sso/logout/d972f78f-fa5d-4dd6-a283-a72f8f7128b6
as Logout Service POST Binding URL
and as Logout Service Redirect Binding URL
468269e5-0804-4cec-95e1-d55a7a0980c9
'loginPath' => '/sso/login/request/468269e5-0804-4cec-95e1-d55a7a0980c9/d972f78f-fa5d-4dd6-a283-a72f8f7128b6'
to my config.php
IdP Metadata is missing SSO Service
What am I missing here?