Hello,
I want to configure SAML Sign-on in AWX using Keycloak.
But when I try to add the SOCIAL_AUTH_SAML_SP_PRIVATE_KEY, I get an error: Invalid certificate or key.
The full error:
{ "SOCIAL_AUTH_SAML_SP_PRIVATE_KEY": [ "Invalid certificate or key: MIIEpQIBAAKCAQEAvw9FpFgsa5Trfgq540JsgEGPqWsnQCX1+XjguyNHHAof/IxzH2UyQ5vUUkjOpkQ1l0xRW1gdXDURH8osyXeC…" ] }
I am using AWX 17.1.0 and using http://awx/api/v2/settings/saml/ to add the SAML configuration.
I have copied the Private Key and Certificate directly from the Keycloak client, so they match.
Do you have an idea?
Thanks!
Hi there,
Were you able to get this to work?
Also, what documentation did you follow to set up the SAML Authentication and the needed Keycloak setup?
I was following https://josh-tracy.github.io/Ansible_Tower_RedHatSSO/ and was able to get the “S” Logo to log in with from AWX, but after clicking on it I get a “We are Sorry … Page Not Found” message.
I’m not sure if this will help, but in the AWX project we have a way to set up and configure a Keycloak container next to AWX for testing.
Perhaps our configuration will help you troubleshoot yours?
The docs around this are at https://github.com/ansible/awx/tree/devel/tools/docker-compose#keycloak-integration
The playbook we used to “plumb” Keycloak and AWX is located at: https://github.com/ansible/awx/blob/devel/tools/docker-compose/ansible/plumb_keycloak.yml
In addition, there is a slightly older blog post which describes the configuration between RH SSO (Keycloak upstream) and Tower (AWX upstream): https://www.ansible.com/blog/red-hat-single-sign-on-integration-with-ansible-tower
Let us know if any of this helps.
-John