I am struggling with SAML and Keycloak. I get the response from Keycloak, and the SAML tracer I use to troubleshoot reports success. So does the SimpleSAML test page. I can see the correct attributes. But when I try to log in I get an infinite loop. Cookies also seem OK on both sides. I am lost now. I use the dockerized version with Traefik as a reverse proxy. Other hosts on it that use OpenID instead of SAML and have "native" Keycloak support have no issues, so I would not immediately put the blame there (but perhaps I am missing something). The worst part is that all logs are completely empty, the ResourceSpace one, the SimpleSAML one... In general I see no clues that can help me. Keycloak logs are fine because the session is perfectly initiated and the token issued.
It is on the SP side, so without logs I cannot do anything about it; I would just be guessing.
I also tried this unofficial plugin:
https://github.com/ppzvjs/resourcespace_plugin_keycloak
But in that case too, Keycloak issues what is necessary for the session, and then a screen from RS comes up stating that "something went wrong" and asks to go back to login.
I know this is not super detailed as a description, but as you might have been through that, you might also already have some ideas of what goes wrong there.
It would be wonderful if a great web app like RS had a simpler integration or a full guide for such a popular SSO/IdP as Keycloak.
Would be happy to hear from you.
Best
Ilias