Univention Bugzilla – Bug 56074
configure SimpleSAMLphp as a service provider in Keycloak
Last modified: 2023-09-25 09:23:48 CEST
SimpleSAMLPHP has to be altered so it can be a service provider in Keycloak
Just a small comment to clarify: An alternative title would be: Keycloak as IdP in SimpleSAMLphp
a541ae6de2e | SimpleSAMLPHP as a service provider in Keycloak
OK: The (still) unreleased documentation shows how to configure simplesamlphp as a service provider in keycloak OK: configuration reads attributes from LDAP OK: YAML OK: Keycloak Jenkins tests OK: UCS Jenkins tests Verified
<https://errata.software-univention.de/#/?erratum=5.0x706> <https://errata.software-univention.de/#/?erratum=5.0x707>
FYI: this introduced a Python 2 incompatibility which broke a very important customers whole SAML config, as they were still setting UCR variables for SAML in a Python 2 process. This patch will restore Python 2 compatibility: diff --git saml/univention-saml/conffiles/etc/simplesamlphp/00authsources.php saml/univention-saml/conffiles/etc/simplesamlphp/00authsources.php index dcec19737b..2c81ca07bd 100644 --- saml/univention-saml/conffiles/etc/simplesamlphp/00authsources.php +++ saml/univention-saml/conffiles/etc/simplesamlphp/00authsources.php @@ -79,7 +79,7 @@ print( php_string("uid=sys-idp-user,cn=users,%s" % base), php_string(password), php_string(base), - ), + ) ) @!@ // LDAP authentication source.