Hi. I've spent quite a bit of time working through how to get SSO working with
Keycloak using SAML, and I finally succeeded in getting that to go.
We have 3 nodes in our test cluster and a round-robin DNS entry pointing to all
3 of them (just calling them node-1, node-2, and node-3 here).

The configuration we did for this to work involved creating an SP cert and key, 
which I had to copy into the mgr containers in order to work:

ceph dashboard sso setup saml2 https://node-1:8443 https://keycloak/realms/ceph/protocol/saml/descriptor username https://keycloak/realms/ceph /tmp/sp-cert.txt /tmp/sp-key.txt

I'm able to log in fine (get sent to keycloak and directed back) as long as the
management server is running on node-1. If I fail it over to node-2, I get
prompted to go to keycloak and log in, but then receive this error in the
browser:

{"status": "415 Unsupported Media Type", "detail": "Expected an entity of content type application/json, text/javascript", "request_id": "dd5a9f68-a86c-462f-b25d-3d881e0fc350"}

I know I didn't post all details of everything in this setup, but maybe my 
description of what's going on is useful.

Does anyone have any ideas about this, or have suggestions as to getting proper 
failover + SSO for the dashboard?

Thanks for any suggestions.
_______________________________________________
ceph-users mailing list -- ceph-users@ceph.io
To unsubscribe send an email to ceph-users-le...@ceph.io