Well, we've been going round and round in circles as Keycloak authentication is failing after upgrading simpleSAMLphp, and we wonder if anyone can help? :)
We have a Drupal site that uses the simplesaml_auth module to authenticate via Keycloak - Keycloak is set up as a remote IdP in simpleSAMLphp. We're processing a Drupal upgrade which has forced an upgrade to simpleSAMLphp 2.1.1 from 1.9.x.
After upgrading, the SSO calls to Keycloak fail with:
2024-01-19 14:00:50,675 ERROR [org.keycloak.services] (executor-thread-201) KC-SERVICES0092: Missing parameter: response_type
2024-01-19 14:00:50,675 WARN [org.keycloak.events] (executor-thread-201) type=LOGIN_ERROR, realmId=4fbb3201-f824-4e7d-b0dd-2847c9b397f5, clientId=account, userId=null, ipAddress=(REMOVED), error=invalid_request
Keycloak shows this error when attempting a login:
"Unexpected error when handling authentication request to identity provider."
We can see that the call to Keycloak is different. In v1.9.x the GET to the Keycloak server contained a SAMLrequest= parameter. In simpleSAMLphp 2.1.1 that is now replaced by a shorter SAMLart= request which is causing Keycloak to throw the above error.
We're running Keycloak 20.0.5.
Is there a way of making simpleSAMLphp make the GET request use SAMLrequest= like it used to? Or perhaps do we need to upgrade Keycloak to support the SAMLart= request?
Help!!! (thank you in advance)
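
The two redirect shapes described in the post correspond to two different SAML 2.0 bindings. The following diagnostic is an added example, not part of the original post and not simpleSAMLphp or Keycloak code: it takes a captured redirect URL and reports whether it carries a `SAMLRequest` (HTTP-Redirect binding) or a `SAMLart` (HTTP-Artifact binding), decoding each. The hosts, entity ID and sample URLs are constructed for illustration.

```python
import base64
import hashlib
import zlib
from urllib.parse import parse_qs, urlencode, urlparse


def classify_sso_redirect(url, sp_entity_id=None):
    """Report which SAML 2.0 binding a browser redirect to the IdP is using."""
    params = parse_qs(urlparse(url).query)
    if "SAMLRequest" in params:
        # HTTP-Redirect binding: the XML is raw-DEFLATE compressed, then base64 encoded.
        raw = base64.b64decode(params["SAMLRequest"][0])
        xml = zlib.decompress(raw, -15).decode("utf-8")
        return {"binding": "HTTP-Redirect", "xml": xml}
    if "SAMLart" in params:
        # HTTP-Artifact binding: only a 44-byte reference is in the URL; the IdP
        # must fetch the real message from the SP's artifact resolution endpoint.
        art = base64.b64decode(params["SAMLart"][0])
        if len(art) != 44 or art[:2] != b"\x00\x04":
            return {"binding": "HTTP-Artifact", "error": "not a type 0x0004 artifact"}
        source_id = art[4:24]
        result = {
            "binding": "HTTP-Artifact",
            "endpoint_index": int.from_bytes(art[2:4], "big"),
            "source_id": source_id.hex(),
            "message_handle": art[24:44].hex(),
        }
        if sp_entity_id is not None:
            # In a type 0x0004 artifact the SourceID is the SHA-1 hash of the
            # issuer's entityID.
            expected = hashlib.sha1(sp_entity_id.encode()).digest()
            result["source_id_matches_sp"] = source_id == expected
        return result
    return {"binding": "unknown"}


# Constructed sample inputs (hypothetical hosts and entity ID, not from the post).
SP_ENTITY_ID = "https://sp.example.org/simplesaml/module.php/saml/sp/metadata.php/default-sp"
IDP_SSO = "https://idp.example.org/realms/demo/protocol/saml"
_xml = b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed"/>'
_c = zlib.compressobj(wbits=-15)
_req = base64.b64encode(_c.compress(_xml) + _c.flush()).decode()
REDIRECT_URL = IDP_SSO + "?" + urlencode({"SAMLRequest": _req})
_art = b"\x00\x04\x00\x00" + hashlib.sha1(SP_ENTITY_ID.encode()).digest() + bytes(range(20))
ARTIFACT_URL = IDP_SSO + "?" + urlencode({"SAMLart": base64.b64encode(_art).decode()})

if __name__ == "__main__":
    print(classify_sso_redirect(REDIRECT_URL))
    print(classify_sso_redirect(ARTIFACT_URL, SP_ENTITY_ID))
```
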