Announcement

Collapse
No announcement yet.

Keycloak SSO

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Keycloak SSO

    Has anyone successfully set up SSO with Keycloak. I managed to get KC to display a login screen and create a session, but the Espo page seems to be raising an error.
    has anyone got some detail about which URL exactly I shoudl be setting up between Espo and the Keycloak client settings?
    Thanks
    M

  • #2
    Would be helpful if you provided more details about the error. From Espo log file, from the browser console, a screenshot.

    Comment


    • #3
      [2023-10-07 16:34:27] ERROR: OIDC: Bad token request.; Status: 400; Response: {"error":"invalid_client","error_description":" Par ameter client_assertion_type is missing"}
      [2023-10-07 16:34:27] ERROR: (0) GET /App/user; line: 249, file: [root_folder]\application\Espo \Core\Authentication\Oidc\Login.php​

      Comment


      • #4
        See https://github.com/espocrm/espocrm/issues/2786 and https://docs.espocrm.com/administration/oidc/ in the Details list (see client_secret_jwt and private_key_jwt methods are not supported​).

        Comment


        • #5
          Thanks Yuri.
          I'm still getting my head around Connect ID. I will document the settings that I end up with for others to use.
          Thanks again

          Comment


          • #6
            Originally posted by murray99 View Post
            I will document the settings that I end up with for others to use.
            Hi murray99,

            did you succeed with the SSO? I just started the project but w/o success. I see the logon screen but afterwards the login failed. In KC there's no error but in Espo there's a "invalid credentials". Do they need to match in KC and Espo?

            Comment

            Working...
            X