Hi Team, Hi Rohit,

we are trying to integrate Keycloak as our SAML IDP. We use CS 4.9.2.0.

1. We defined users in LDAP and imported them into Keycloak.

2. Created an IDP with Keycloak and the http://XXXX:8080/client/api?command=getSPMetadata metadata information.
   Pictures:
   https://mybox.vboxvault.de/invitations?share=3612cd6e2cb0e554c59f&dl=0
   https://mybox.vboxvault.de/invitations?share=076085f3415077012d7c&dl=0

3. Map Keycloak username to uid.
   Pictures:
   https://mybox.vboxvault.de/invitations?share=ba578d8c2dd2db3ead6f&dl=0

4. Import users from LDAP and activate them for the SSO instance.
   Pictures:
   https://mybox.vboxvault.de/invitations?share=785ee9b0df5ec976f397&dl=0
   https://mybox.vboxvault.de/invitations?share=24428f64858526fd4401&dl=0

5. We choose the SAML provider on the CloudStack login page and we are redirected correctly to the Keycloak login page. We enter our credentials and the redirection back to CloudStack starts. After that we get the following error:

---snip
<loginresponse cloud-stack-version="4.9.2.0">
<errorcode>531</errorcode>
<errortext>
Failed to find admin configured username attribute in the SAML Response. Please ask your administrator to check SAML user attribute name.
</errortext>
</loginresponse>
---snip

6. When we look at a browser trace with a SAML plugin we see a success.
   Picture:
   https://mybox.vboxvault.de/invitations?share=fa038b7c2b2d4c6f1dcd&dl=0

7. Our SAML CloudStack settings / they seem to be okay.
   Picture:
   https://mybox.vboxvault.de/invitations?share=87fe39bb415461f40154&dl=0

Our web developer tried it with a Simple SAML PHP library and there everything works with Keycloak. We checked all values and the uid there. You will see the uid is correctly set.

saml2.user.attribute.
Picture:
https://mybox.vboxvault.de/invitations?share=c727b8f5dfc678318938&dl=0

Best regards

Sven Vogel
Head of Cloud Solutions
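An added diagnostic example, not part of the original post and not CloudStack code: it decodes a captured base64 SAMLResponse and reports which attribute names the IdP actually sent, so they can be compared with the value configured in saml2.user.attribute. It assumes the service provider compares the configured value with the Attribute Name rather than the FriendlyName; the function names and sample responses are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def check_user_attribute(saml_response_b64, wanted="uid"):
    """Diagnostic only: no signature validation. Run it on a response you captured yourself."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    report = {
        "status": status.get("Value") if status is not None else None,
        # Attributes inside an EncryptedAssertion are not readable without the SP key.
        "encrypted_assertions": len(root.findall("saml:EncryptedAssertion", NS)),
        "attributes": [],            # (Name, FriendlyName, values) as sent by the IdP
        "match": None,               # first value of the attribute whose Name == wanted
        "friendly_name_hit": False,  # wanted shows up as FriendlyName under another Name
    }
    for attr in root.iterfind("saml:Assertion/saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", NS)]
        name, friendly = attr.get("Name"), attr.get("FriendlyName")
        report["attributes"].append((name, friendly, values))
        if name == wanted:
            if values and report["match"] is None:
                report["match"] = values[0]
        elif friendly == wanted:
            report["friendly_name_hit"] = True
    return report

def _sample(inner):
    """Constructed sample response (not taken from the post), base64 as in the POST binding."""
    xml = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s"><samlp:Status><samlp:StatusCode '
           'Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>%s</samlp:Response>'
           % (NS["samlp"], NS["saml"], inner))
    return base64.b64encode(xml.encode()).decode()

def _assertion(attr_xml):
    return ("<saml:Assertion><saml:AttributeStatement><saml:Attribute %s>"
            "<saml:AttributeValue>alice</saml:AttributeValue></saml:Attribute>"
            "</saml:AttributeStatement></saml:Assertion>" % attr_xml)

BY_NAME = _sample(_assertion('Name="uid"'))
BY_FRIENDLY = _sample(_assertion('Name="urn:oid:0.9.2342.19200300.100.1.1" FriendlyName="uid"'))
ENCRYPTED = _sample("<saml:EncryptedAssertion/>")

if __name__ == "__main__":
    for label, resp in (("by name", BY_NAME), ("friendly only", BY_FRIENDLY), ("encrypted", ENCRYPTED)):
        print(label, check_user_attribute(resp))
```

A response with a Success status can still produce `match: None`, either because the uid is carried under a different Name or because the assertion is encrypted.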
