You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
Next: Root
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
Anyone with experience getting SSO on Atlassian Datacenter products to work with Keycloak
I've added a new client with Keycloak, however the AuthnRequest keeps failing.
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="ONELOGIN_fa70f13e-5058-411b-9b57-787ac254cbfb" Version="2.0" IssueInstant="2020-02-17T17:51:16Z" Destination="https://URL/realms/corp/protocol/saml" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" AssertionConsumerServiceURL="https://URL/bitbucket/plugins/servlet/samlconsumer">
<saml:Issuer>https://URL/bitbucket</saml:Issuer>
</samlp:AuthnRequest>
The error l see in the Keycloak logs is
error=invalid_authn_request, reason=invalid_destination
I would suggest try changing your destination URL to match your POST binding URL (i.e. the Atlassian product URL, not the Keycloak Realms URL)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Richard,
Thank you for your quick response and my apologies for not replying sooner. I've tried setting both the Assertion Consumer Service POST Binding URL and Assertion Consumer Service Redirect Binding URL in keycloak. It still wouldn't work.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.