LDAP -> Keycloak migration

We are migrating from LDAP to keycloak authentication.

Tried following the various documentation and am constantly hit with an:
"We are sorry...

Invalid Request"

when posit attempts to communicate with the keycloak server.

From logfile:

time="2023-07-28T13:06:59.396Z" level=debug msg="SAML request received with path /login" region=saml
time="2023-07-28T13:06:59.410Z" level=warning msg="Warning: The configured IdP signing certificate is overridden by the specified metadata."
time="2023-07-28T13:06:59.411Z" level=debug msg="Found a SAML encryption key" region=saml
time="2023-07-28T13:06:59.411Z" level=debug msg="Creating authentication request" region=saml
time="2023-07-28T13:06:59.411Z" level=debug msg="Returning authentication request as redirect" region=saml

As shown by the comments in the SAML section of my rstusdio-connect.gcfg I've tried various iterations of the configuration as shown min the documentaion.

; SSOInitiated = IdP
IdPMetaDataURL = "https://key.kcc.tju.edu/realms/Posit/protocol/saml/descriptor"
; IdPAttributeProfile = default

; the unique identifier for a user over time
UniqueIdAttribute = NameID
; UniqueIdAttribute = GUID

NameIDFormat = persistent
; NameIDFormat = transient

UsernameAttribute = Username
FirstnameAttribute = FirstName
LastnameAttribute = LastName
EmailAttribute = Email
GroupsAttribute = Groups

IdPSigningCertificate = /etc/ssl/certs/TJH-CA.pem
SPEncryptionKey = /certs/skccapp02pa-private.pem
SPEncryptionCertificate = /certs/skccapp02pa.pem

; Enable this for a better user experience, unless
; managing a large number of groups is a concern:
GroupsAutoProvision = true
; When attempting to troubleshoot a problem relating to SAML,
; you can enable more verbose logging by enabling the following line
Logging = true

; IdPEntityID = "https://key.kcc.tju.edu/realms/Posit"
; IdPEntityID = "https://key.kcc.tju.edu/realms/Posit/protocol/saml/descriptor"
; IdPSingleSignOnServiceURL = https://key.kcc.tju.edu/login

This topic was automatically closed 42 days after the last reply. New replies are no longer allowed.

If you have a query related to it or one of the replies, start a new topic and refer back with a link.