Configuring SSO with Keycloak

Before performing SSO configuration, make sure that the value of the `domain` parameter in the `config.ini` configuration file is the current domain name of the Passwork server. This is necessary so that the IdP can download the `https://<your passwork>/sso/metadata` file from your server. Your server must be configured to run over the HTTPS protocol.

Example parameter in `config.ini`:

```
domain = https://passwork.example.com
```

Go to **Clients** and click **Create**.

Download the export file with example settings and change the following values to match your host address.

Import the export file on the **Add client** page.

Go to **Client scopes** and click **role_list**. In the **Mappers** tab, select **role list**. Set the **SAML Attribute NameFormat** parameter to **Basic** and enable **Single Role Attribute**.

Open the **Realm settings**, copy the required values, and add them to the SSO configuration interface in Passwork.

In the **Realm settings**, go to the **Keys** tab, click on **Certificate**, and copy its value into the corresponding field in the SSO settings in Passwork.

Click **Log in with SSO** on the Passwork login page and try to log in to test it.

Errors and their descriptions

In case of errors, they will be recorded in the PHP log.

1. The response from SSO cannot be correctly decrypted because the certificate fingerprint has been copied incorrectly or is the fingerprint of an incorrect certificate.

   ```
   OneLogin_Saml2_Error: Invalid response. LastErrorReason: Signature validation failed. SAML Response rejected in /var/www/app/modules/admin/sso/ssocontroller.php:78\nStack trace:\n#0 [internal function]: passwork\\modules\\admin\\sso\\ssocontroller->acsaction()\n#1 [internal function]: Phalcon\\Dispatcher\\AbstractDispatcher->callActionMethod()\n#2 [internal function]: Phalcon\\Dispatcher\\AbstractDispatcher->dispatch()\n#3 /var/www/public/index.php(91): Phalcon\\Mvc\\Application->handle()\n#4 {main}
   ```

2. The current host value in the `config.ini` parameter `domain` is specified incorrectly.

   ```
   OneLogin_Saml2_Error: Invalid array settings: sp_acs_url_invalid, sp_sls_url_invalid in /var/www/app/vendors/php-saml/lib/Saml2/Settings.php:122\nStack trace:\n#0 /var/www/app/vendors/php-saml/lib/Saml2/Auth.php(152): OneLogin_Saml2_Settings->__construct()\n#1 /var/www/app/modules/admin/sso/ssoservice.php(53): OneLogin_Saml2_Auth->__construct()\n#2 /var/www/app/modules/admin/sso/ssocontroller.php(33): passwork\\modules\\admin\\sso\\ssoservice->getauth()\n#3 [internal function]: passwork\\modules\\admin\\sso\\ssocontroller->loginaction()\n#4 [internal function]: Phalcon\\Dispatcher\\AbstractDispatcher->callActionMethod()\n#5 [internal function]: Phalcon\\Dispatcher\\AbstractDispatcher->dispatch()\n#6 /var/www/public/index.php(91): Phalcon\\Mvc\\Application->handle()\n#7 {main}, referer:
   ```

3. The user lacks the attribute required for authentication.

   ```
   OneLogin_Saml2_Error: Invalid response. LastErrorReason: The status code of the Response was not Success, was Responder -> urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy in /var/www/app/modules/admin/sso/ssocontroller.php:78\nStack trace:\n#0 [internal function]: passwork\\modules\\admin\\sso\\ssocontroller->acsaction()\n#1 [internal function]: Phalcon\\Dispatcher\\AbstractDispatcher->callActionMethod()\n#2 [internal function]: Phalcon\\Dispatcher\\AbstractDispatcher->dispatch()\n#3 /var/www/public/index.php(91): Phalcon\\Mvc\\Application->handle()\n#4 {main}
   ```
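
A pre-flight check for the two misconfigurations behind errors 1 and 2, added here as an example (it is not Passwork or Keycloak code): it reads `domain` from `config.ini` text, derives the metadata URL the IdP will fetch, and computes the fingerprint of a certificate pasted from Keycloak so it can be compared with the value entered in Passwork. The function names, the plain `key = value` parsing of `config.ini`, and the SHA-256 default are assumptions; the sample input is constructed.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit


def read_domain(ini_text):
    """Return the value of the `domain` key from config.ini text, or None."""
    for line in ini_text.splitlines():
        line = line.strip()
        if line.startswith((";", "#", "[")) or "=" not in line:
            continue  # comment, section header, or not a key/value line
        key, value = line.split("=", 1)
        if key.strip() == "domain":
            return value.strip().strip("'\"")
    return None


def check_domain(domain):
    """Return (metadata_url, problems) for a `domain` value."""
    if not domain:
        return None, ["domain is not set"]
    parts = urlsplit(domain)
    problems = []
    if parts.scheme != "https":
        problems.append("domain must start with https://")
    if not parts.hostname:
        problems.append("domain has no host name")
    if problems:
        return None, problems
    # /sso/metadata is the path the page says the IdP downloads.
    return domain.rstrip("/") + "/sso/metadata", problems


def cert_fingerprint(cert_text, algorithm="sha256"):
    """Colon-separated fingerprint of a certificate pasted as PEM or bare base64."""
    # Drop PEM armour lines and all whitespace introduced by copy and paste.
    body = re.sub(r"-----[A-Z ]+-----|\s", "", cert_text)
    der = base64.b64decode(body, validate=True)  # ValueError on a damaged paste
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


if __name__ == "__main__":
    # Constructed sample input: placeholder bytes, not a real certificate.
    ini = "; Passwork settings\ndomain = https://passwork.example.com\n"
    print(check_domain(read_domain(ini)))
    sample = base64.b64encode(bytes(range(64))).decode()
    print(cert_fingerprint(sample))
```

A truncated or partially copied certificate either fails base64 decoding or yields a different fingerprint, which is the condition that surfaces as `Signature validation failed` in the PHP log.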