Asking help for SAML configuration

[cedgnans]

Hi, I'm setting up SAML configuration with keycloak and I followed the youtube video about it. But I still have a problem. I didn't have the authentication page when I set everything up as this photo shows. I should also acknowledge that I am a newbie to keycloak configuration.

Here a portion of my keycloak log file

docker logs a09dc9e757ee

2024-12-05 15:17:07,613 WARN [org.keycloak.events] (executor-thread-42) type="LOGIN_ERROR", realmId="1bc2d6c7-ac3f-4c0f-b6fc-9685f5ccdb86", realmName="OpenDCIM", clientId="null", userId="null", ipAddress="172.17.0.1", error="invalid_signature"
2024-12-05 15:22:53,886 ERROR [org.keycloak.protocol.saml.SamlService] (executor-thread-42) request validation failed: org.keycloak.common.VerificationException: SigAlg was null
at org.keycloak.protocol.saml.SamlProtocolUtils.verifyRedirectSignature(SamlProtocolUtils.java:154)
at org.keycloak.protocol.saml.SamlProtocolUtils.verifyRedirectSignature(SamlProtocolUtils.java:144)
at org.keycloak.protocol.saml.SamlService$RedirectBindingProtocol.verifySignature(SamlService.java:836)
at org.keycloak.protocol.saml.SamlService$BindingProtocol.handleSamlRequest(SamlService.java:314)
at org.keycloak.protocol.saml.SamlService$BindingProtocol.execute(SamlService.java:720)
at org.keycloak.protocol.saml.SamlService.redirectBinding(SamlService.java:888)
at org.keycloak.protocol.saml.SamlService$quarkusrestinvoker$redirectBinding_f029009a8f864880d0a24aa96e434ce2f5c9e801.invoke(Unknown Source)
at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:635)
at org.jboss.threads.EnhancedQueueExecutor$Task.doRunWith(EnhancedQueueExecutor.java:2516)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2495)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1521)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:11)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:11)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:1583)

2024-12-05 15:22:53,889 WARN [org.keycloak.events] (executor-thread-42) type="LOGIN_ERROR", realmId="1bc2d6c7-ac3f-4c0f-b6fc-9685f5ccdb86", realmName="OpenDCIM", clientId="null", userId="null", ipAddress="172.17.0.1", error="invalid_signature"

[timlegge]

The invalid signature is the important part there. You need to import the signing certificate from OpenDCIM into your key cloak server. I was trying to spin up my key cloak server this morning but I haven't gotten it to work yet

…

On Thu, Dec 5, 2024, 11:33 a.m. cedgnans ***@***.***> wrote: Hi, I'm setting up SAML configuration with keycloak and I followed the youtube video about it. But I still have a problem. I didn't have the authentication page when I set everything up as this photo shows. I should also acknowledge that I am a newbie to keycloak configuration. image.png (view on web) <https://github.com/user-attachments/assets/dacaf476-ca29-46f2-9c26-ebce61e43485> Here a portion of my keycloak log file docker logs a09dc9e757ee 2024-12-05 15:17:07,613 WARN [org.keycloak.events] (executor-thread-42) type="LOGIN_ERROR", realmId="1bc2d6c7-ac3f-4c0f-b6fc-9685f5ccdb86", realmName="OpenDCIM", clientId="null", userId="null", ipAddress="172.17.0.1", error="invalid_signature" 2024-12-05 15:22:53,886 ERROR [org.keycloak.protocol.saml.SamlService] (executor-thread-42) request validation failed: org.keycloak.common.VerificationException: SigAlg was null at org.keycloak.protocol.saml.SamlProtocolUtils.verifyRedirectSignature(SamlProtocolUtils.java:154) at org.keycloak.protocol.saml.SamlProtocolUtils.verifyRedirectSignature(SamlProtocolUtils.java:144) at org.keycloak.protocol.saml.SamlService$RedirectBindingProtocol.verifySignature(SamlService.java:836) at org.keycloak.protocol.saml.SamlService$BindingProtocol.handleSamlRequest(SamlService.java:314) at org.keycloak.protocol.saml.SamlService$BindingProtocol.execute(SamlService.java:720) at org.keycloak.protocol.saml.SamlService.redirectBinding(SamlService.java:888) at org.keycloak.protocol.saml.SamlService$quarkusrestinvoker$redirectBinding_f029009a8f864880d0a24aa96e434ce2f5c9e801.invoke(Unknown Source) at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29) at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141) at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:147) at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:635) at org.jboss.threads.EnhancedQueueExecutor$Task.doRunWith(EnhancedQueueExecutor.java:2516) at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2495) at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1521) at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:11) at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:11) at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30) at java.base/java.lang.Thread.run(Thread.java:1583) 2024-12-05 15:22:53,889 WARN [org.keycloak.events] (executor-thread-42) type="LOGIN_ERROR", realmId="1bc2d6c7-ac3f-4c0f-b6fc-9685f5ccdb86", realmName="OpenDCIM", clientId="null", userId="null", ipAddress="172.17.0.1", error="invalid_signature" — Reply to this email directly, view it on GitHub <#1581>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAH3N64ZY7PNE3TGXZUD5K32EBW2ZAVCNFSM6AAAAABTCXNOGOVHI2DSMVQWIX3LMV43ERDJONRXK43TNFXW4OZXGYYTONZYGM> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

[cedgnans]

Okay, I'll check it out