Jeroen,
Thanks a lot for having taken the time.
Lots of good info here.
I should have used the import feature instead of creating the Keycloak
client manually.
Thanks to that, the option "Client Signature Required" works and I can
also choose whether or not to encrypt the answer.
Alas, same error in SOGo's log.
I
Thanks for that Jeroen. I need to do the same and this will help.
--
Daniel Kollmer
Computer Technology Group
NIKHEF - Dutch National Institute for Sub-atomic Physics
Science Park 105 1098 XG Amsterdam
Phone: +31205922164
On 7/23/20 10:42 AM, "Jeroen" (jeroen.va...@nevel.io) wrote:
> Hi Kenny,
Hi Kenny,
First, just know that I am by no means an expert in SOGo. I just got SAML to
work with it and I can share what I have done :) .
We have defined a SOGoUserSource (in our case, the same LDAP as is used by
Keycloak). It is still required for non-SAML endpoints such as ActiveSync,
Hi Mj,
I was sure to have seen that problem in an old post, and indeed I found
it, and it was from you :)
(https://www.mail-archive.com/users@sogo.nu/msg27428.html)
Was the solution given in the answer not good?
Thanks,
Kenny
On 19/07/20 16:51, mj (li...@merit.unu.edu) wrote:
> Hi Kenny,
>
>
Hi Jeroen,
Thanks for your help.
I put my Keycloak test server back on and tried your ideas, but no luck.
The SAML2 assertion includes both email & username fields with the
correct value.
But I still got the same exact error.
I see in SOGo logs, when first accessing SOGo, before the
Hi Kenny,
In the past, we also set up a PoC with SOGo / Keycloak / SAML2. For IMAP
authentication, we used:
https://github.com/ck-ws/pam-script-saml
But because of the SAML2 sessions timing out, we went back to regular
LDAP auth. We would like to move to SAML2, so we're following the recent
Hi Kenny,
I have been trying to get SAML to work with SOGo as well. In Keycloak
the following configuration works:
Client scopes: none
Mappers: fill in "email" and "username" with information from your
credentials provider
Set scope to "full scope allowed"
In the SOGo config file we have
Going on with my attempts to connect SOGo to LemonLDAP, I also tried with
the SAML protocol.
A few weeks ago, I first tried with Keycloak
(https://www.mail-archive.com/users@sogo.nu/msg29805.html), but I didn't
find a solution.
Unfortunately, with LemonLDAP, I have the same error: