getsentry / sentry

Developer-first error tracking and performance monitoring
https://sentry.io

Sentry SAML2 auth with Keycloak #71115

Open Tellz777 opened 6 months ago

Tellz777 commented 6 months ago

Self-Hosted Version

24.2.0

CPU Architecture

amd64

Docker Version

20.10.16

Docker Compose Version

2.6.0

Steps to Reproduce

I'm trying to configure SSO auth with Keycloak (SAML2) using these docs:

https://yyhh.org/blog/2020/10/how-to-setup-saml2-authentication-on-sentry-with-keycloak/

After completion of the steps from that article:

- Sentry SSO configuration page is green ✅
- I see the "Login with SAML2" button and it redirects me successfully to the Sentry UI ✅
- In Keycloak, in the "Sessions" tab of the Sentry client, I see the correct email address (@gmail) ✅

The problems are:

- In the Sentry UI I'm still using the superpower user even after successfully logging in via SSO.
- Even if in the Settings "Default Role" equals "Member", I'm still the superpower user.
- In the Members list I don't see my SSO user. Only the locally created superuser.

Expected Result

I successfully enter Sentry using SSO. After the first successful login, the user should be created automatically, the "Member" role should be assigned (because in the Settings "Default Role" equals "Member") and the user appears in the Sentry members list.

Actual Result

After a successful redirect via SSO I see that I'm still using the locally created superpower user. In the Members list I don't see that my SSO user was created in the Sentry UI. Only the locally created superuser.

Event ID

No response

getsantry[bot] commented 6 months ago

Assigning to @getsentry/support for routing ⏲️

getsantry[bot] commented 6 months ago

Routing to @getsentry/product-owners-sign-in for triage ⏲️

niknozhenko commented 5 months ago

I ran into the same issue. It's a cache problem, probably somewhere in Redis. I asked another person to try it and he successfully logged in under his own user.

Dentling commented 3 weeks ago

I'm having the same issue. I'm logging into my SSO-User using SAML2, but in the UI I'm then using the initially-created AdminUser.

I already restarted the Redis instances to rule out a cache issue.

leedongwei commented 3 weeks ago

@Dentling I don't quite understand your issue. Is it that you're trying to log into a random user, but somehow it's going into the original Sentry org owner?

If so, can you try using an incognito browser? I think the original Sentry org owner session is persisting on your browser.