Keycloak SSO

**yuri** · 10-06-2023, 06:50 PM

Would be helpful if you provided more details about the error. From Espo log file, from the browser console, a screenshot.

**murray99** · 10-08-2023, 02:54 PM

[2023-10-07 16:34:27] ERROR: OIDC: Bad token request.; Status: 400; Response: {"error":"invalid_client","error_description":" Par ameter client_assertion_type is missing"}
[2023-10-07 16:34:27] ERROR: (0) GET /App/user; line: 249, file: [root_folder]\application\Espo \Core\Authentication\Oidc\Login.php

**yuri** · 10-08-2023, 03:12 PM

See https://github.com/espocrm/espocrm/issues/2786 and https://docs.espocrm.com/administration/oidc/ in the Details list (see client_secret_jwt and private_key_jwt methods are not supported).

**murray99** · 10-08-2023, 03:22 PM

Thanks Yuri.
I'm still getting my head around Connect ID. I will document the settings that I end up with for others to use.
Thanks again

**estehr** · 11-06-2023, 11:03 AM

Originally posted by murray99

I will document the settings that I end up with for others to use.

Hi murray99,

did you succeed with the SSO? I just started the project but w/o success. I see the logon screen but afterwards the login failed. In KC there's no error but in Espo there's a "invalid credentials". Do they need to match in KC and Espo?

Keycloak SSO

Keycloak SSO

Comment

Comment

Comment

Comment

Comment