Help setting up XDMoD and Keyclock(SAML)

Get Help
1

I’m trying to integrate XDMoD into the OOD dashboard.
But it doesn’t work well. I don’t know how to set it up correctly.

If anyone has set up Keycloak and XDMoD, please let me know it.

Can someone provide the 3 files related to php below?
(authsources.php, config.php, saml20-idp-remote.php)

And let me know how to set up Keycloak(saml) in detail.

I can’t find anything about this in the manual.

Thank you~!

[Keycloak Log]
2021-06-09 07:30:43,238 WARN [org.keycloak.events] (default task-27) type=LOGIN_ERROR, realmId=ondemand, clientId=null, userId=null, ipAddress=XXX.XX.XX.XXX, error=invalid_redirect_uri

[XDMoD Auth test]

image
image1433×1070 67.4 KB

2

Hi and welcome! @tdockendorf do you have any insight here?

3

For the config.php I only modify the following values:

  • secretsalt
  • auth.adminpassword

The comments above secretsalt give examples of how to generate the value.

I put authsources and our Keycloak JSON configs here: XDMOD and Keycloak · GitHub

The saml20-idp-remote.php I got from using the simplesamlphp interface, somewhere once you have the config.php and authsources.php is a way to generate the metadata. Looking at my notes I think you go to https://<XDMOD server name>/simplesaml/module.php/saml/sp/metadata.php/default-sp and it will need information from Keycloak which I got by doing this curl https://<Keycloak server name>/auth/realms/<REALM name>/protocol/saml/descriptor. If I remember correctly that will generate the PHP you need for the saml20-idp-remote.php.

I used Puppet to generate the certs specific to the simplesamplphp SP but the command you can use to generate them is here: Open XDMoD - Setting up XDMoD for LDAP Authentication. Further details about the XDMOD side of things is here: Open XDMoD - Single Sign On Guide

Based on the errors you got it looks like your redirect URL in Keycloak is wrong, the value you should use is in the Keycloak Client JSON in the Gist linked above.

4

You gave me the answer that I need.
I’m going to do as you said.

Thank you for your reply.
Have a nice day :slight_smile: