SAML Problem

[Alexandru Luca]

Hello,

I want to configure SAML Sign-on in AWX using Keycloak. 

But when I try to add the SOCIAL_AUTH_SAML_SP_PRIVATE_KEY I get an error Invalid certificate or key 

The full error: 

{ "SOCIAL_AUTH_SAML_SP_PRIVATE_KEY": [ "Invalid certificate or key: MIIEpQIBAAKCAQEAvw9FpFgsa5Trfgq540JsgEGPqWsnQCX1+XjguyNHHAof/IxzH2UyQ5vUUkjOpkQ1l0xRW1gdXDURH8osyXeC..." ] }

I am using AWX 17.1.0 and using http://awx/api/v2/settings/saml/ to add the SAML configuration. 

I have copied the Private Key, Certificate directly from the Keycloak client, so they match.

Do you have an idea?

Thanks!

[George Saber]

Hi there,

Were you able to get this to work?

Also, what documentation did you follow to set up the SAML Authentication and Keycloak needed setup?

I was following https://josh-tracy.github.io/Ansible_Tower_RedHatSSO/ and was able to get the "S" Logo to login with from AWX but after Clicking on it I get "We are Sorry ... Page Not Found" message.

[AWX Project]

I'm not sure if this will help but in the AWX project we have a way to setup and configure a Keycloak container next to AWX for testing.
Perhaps our configuration will help you troubleshoot yours?

The docs around this are at https://github.com/ansible/awx/tree/devel/tools/docker-compose#keycloak-integration
The playbook we used to "plumb" keycloak and AWX is located at: https://github.com/ansible/awx/blob/devel/tools/docker-compose/ansible/plumb_keycloak.yml

In addition, there is a slightly older blog which describes the configuration between RH SSO (Keycloak upstream) with Tower (AWX upstream): https://www.ansible.com/blog/red-hat-single-sign-on-integration-with-ansible-tower

Let us know if any of this helps.

-John