GitHub user chunkyen edited a discussion: SAML with Keycloak, signing and encryption confusion

Hi, I have configured my CloudStack 4.22 to integrate with Keycloak 26.5.5 via SAML. I have read https://github.com/apache/cloudstack/issues/4519 and it seems to imply that CloudStack supports both signing and encryption of the SAML payload.

However, to get my Keycloak to work, I need to turn off encryption of the assertions. Otherwise, I get "Failed to find admin configured username attribute in the SAML Response. Please ask your administrator to check SAML user attribute name.", which I think is because CloudStack is not able to decrypt the payload from Keycloak. I am using the key that is provided by getSPMetadata for both signing and encryption in Keycloak.

For signing, there is a global configuration named "saml2.check.signature". However, even with this turned on, I can still sign in using SAML when the "Client signature required" setting is turned OFF. So I am not sure if the CloudStack "saml2.check.signature" setting is actually enforcing the signature checking requirement.

GitHub link: https://github.com/apache/cloudstack/discussions/12788
