You've been invited into the Kudos (beta program) private group. Chat with others in the program, or give feedback to Atlassian.
View groupJoin the community to find out what other Atlassian users are discussing, debating and creating.
Anyone with experience getting SSO on Atlassian Datacenter products to work with Keycloak
I've added a new client with Keycloak, however the AuthnRequest keeps failing.
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ONELOGIN_fa70f13e-5058-411b-9b57-787ac254cbfb" Version="2.0" IssueInstant="2020-02-17T17:51:16Z" Destination="https://URL/realms/corp/protocol/saml" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://URL/bitbucket/plugins/servlet/samlconsumer">
<saml:Issuer>https://URL/bitbucket</saml:Issuer>
</samlp:AuthnRequest>
The error l see in the Keycloak logs is
error=invalid_authn_request, reason=invalid_destination
I would suggest try changing your destination URL to match your POST binding URL (i.e. the Atlassian product URL, not the Keycloak Realms URL)
Hi Richard,
Thank you for your quick response and my apologies for not replying sooner. I've tried setting both the Assertion Consumer Service POST Binding URL and Assertion Consumer Service Redirect Binding URL in keycloak. It still wouldn't work.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I'm Alison Huselid, Head of Product for Data Center at Atlassian. As we shared in our last post, we’ve been working on a solution for those of you who work for charitable non-profit organizations tha...
Connect with like-minded Atlassian users at free events near you!
Find an eventConnect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.
Host an eventYou're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.