Fix list item spacing
ptgott committed Jan 14, 2025
1 parent 442ae23 commit 0341e52
Showing 1 changed file with 4 additions and 11 deletions.
15 changes: 4 additions & 11 deletions docs/pages/admin-guides/access-controls/sso/keycloak.mdx
Expand Up @@ -104,19 +104,14 @@ $ tctl sso configure saml --name keycloak \
In the example above:

- `--entity-descriptor` specifies the app federation metadata URL

- Each `--attributes-to-roles` specifies the name of the schema definition for groups,
groups, the name of a Keycloak group and the Teleport role that members of the group
will be assigned.

- Keycloak includes an explicit leading `/` in the group name,
which is reflected in the group name specified in the above example.

- `--acs` specifies where the SAML provider makes callbacks after successful authentication.

- `--audience` uniquely identifies your service provider (Teleport).


The file `keycloak-connector.yaml` should now resemble the following:

```yaml
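Review bot: In the `--attributes-to-roles` item, "groups," is repeated across the line break ("specifies the name of the schema definition for groups," followed by "groups, the name of a Keycloak group"); since this change already touches the list, drop the duplicate here. The `--entity-descriptor` item is also the only one without a terminal period. The bullet about the explicit leading `/` qualifies the `--attributes-to-roles` item, so with the blank lines removed consider nesting it under that item so it does not read as a separate flag description.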
Expand Down Expand Up @@ -338,18 +333,17 @@ Update the connector by saving and closing the file in your editor.

- Navigate to the **Keys** tab, and enable "Client Signature Required"

![Enable client signature](../../../../img/sso/keycloak/client_signature.png)
![Enable client signature](../../../../img/sso/keycloak/client_signature.png)

- Import the converted cert.pkcs12 certificate

![Import Signature](../../../../img/sso/keycloak/Import_signature.png)
![Import Signature](../../../../img/sso/keycloak/Import_signature.png)

Be sure to enter the correct **name** and **password**
defined when converting the certificate as the **Key Alias** and **Store Password.**
Be sure to enter the correct **name** and **password** defined when converting
the certificate as the **Key Alias** and **Store Password.**

- Click **Confirm** to activate it.


If the SSO login with this connector is successful, the client signature validation works.

## Troubleshooting
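Review bot: In the rewrapped "Be sure to enter the correct **name** and **password**" paragraph, the sentence-ending period is still inside the bold markup in `**Store Password.**`; move it outside so only the field name is bold. In the step above it, `cert.pkcs12` is a file name and should be in backticks like the other literals in this guide.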
Expand All @@ -373,6 +367,5 @@ To resolve the issue:
- Refer to the **Client Certificate Signature validation** section
to review the certificate configuration. Ensure the certificate is up-to-date
and the private key is properly paired with it.

- Once the above has been verified, temporarily add the `spec.provider: ping` parameter
to the Keycloak auth connector to match Keycloak strict signature requirements.
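Review bot: The last step says to "temporarily add the `spec.provider: ping` parameter", but the visible text never says when to remove it or what the setting changes, so a reader is likely to leave it in place. Add a sentence stating the condition for removing it (or drop "temporarily" if it is meant to stay), and change "Keycloak strict signature requirements" to "Keycloak's strict signature requirements".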
