Keycloak SAML login to AWS Managed Grafana

I am trying to use Keycloak for authentication into AWS Managed Grafana, which only supports SAML.
Does anyone have a similar setup and can explain which fields to configure?
Whatever I do, I either get “failed to save the SAML received information” when setting “sign assertions”=on, or I get “failed to determine the state of the SSO redirect” with “sign assertions”=off.
I also do not know how to debug this, since I cannot see which data is actually returned by Keycloak to the AWS Grafana workspace login page.

Any help would be appreciated.
Kind regards,
Gert

I finally managed to get it working.
The main issue was that I had to set “sign documents”=off and “sign assertions”=on, and set SAML signature key name=CERT_SUBJECT.
I also had to add a predefined “role list” mapper to return Keycloak roles to AWS, and define an additional setting in AWS SAML with an editor role value set to the editor role I defined in Keycloak.

Gert.
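For the debugging problem raised in the thread, the following is an added example (not part of the original posts, and not Keycloak or AWS code): it decodes a base64 `SAMLResponse` value, as captured from the browser's POST to the service provider, and reports whether the document or the assertion carries a signature, the signature's KeyName, and the attributes returned. The sample response, the `Role` attribute name and the `CN=example-realm` key name are constructed assumptions; the function inspects structure only and does not verify the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: assertion signed, document unsigned, one role attribute.
SAMPLE_XML = b"""<samlp:Response
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <saml:Assertion>
  <ds:Signature><ds:KeyInfo><ds:KeyName>CN=example-realm</ds:KeyName></ds:KeyInfo></ds:Signature>
  <saml:AttributeStatement>
   <saml:Attribute Name="Role"><saml:AttributeValue>editor</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML).decode()

def inspect_saml_response(b64_response: str) -> dict:
    """Report which elements are signed and which attributes are returned."""
    xml = base64.b64decode(b64_response)
    # SAML messages never need a DTD; refuse one rather than parse entities.
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD/entity declarations are not expected in SAML")
    root = ET.fromstring(xml)
    report = {"document_signed": root.find("ds:Signature", NS) is not None,
              "assertion_signed": False, "key_name": None, "attributes": {}}
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return report
    sig = assertion.find("ds:Signature", NS)
    if sig is not None:
        report["assertion_signed"] = True
        report["key_name"] = sig.findtext("ds:KeyInfo/ds:KeyName", namespaces=NS)
    # Roles may arrive as one multi-valued attribute or as repeated attributes.
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", NS)]
        report["attributes"].setdefault(attr.get("Name"), []).extend(values)
    return report

if __name__ == "__main__":
    print(inspect_saml_response(SAMPLE_B64))
```
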