Hi! Does anyone have any doc/tutorial to integrate keycloak and fleet? I tried to follow https://fleetdm.com/docs/deploying/configuration#configuring-single-sign-on-sso but even If I am correctly redirected to keycloak and redirected back to fleet, I can't log in. Thanks!

Here's what the admin guide says https://www.keycloak.org/docs/latest/server_admin/#_client-saml-configuration

Hi Keith, First, thanks for your help. I am going to read it carefully. I have the keycloak (saml connfiguration) already working with another environment, so I think I am not doing right with the Fleet environment. I suspect it's something about the mappers in the client configuration. I am receiving in my SAML response: ~ <saml:Subject> <saml:NameID Format="urnoasisnamestcSAML1.1nameid-format:*unspecified*">daviduser</saml:NameID> <saml:SubjectConfirmation Method="urnoasisnamestcSAML2.0cm:bearer"> <saml:SubjectConfirmationData InResponseTo="idcIByF4fOnS7qtOuE" NotOnOrAfter="2022-07-18T070043.338Z" ~ Do you mind if you show me your client's configuration? There is also an export option if it is easier and it does not bother you. Thanks a lot.

Looks like we don't have any mappers in our keycloak config. We are also using email address to sign in to Fleet, are you using usernames ?

Hi Keith, Thanks again for your help. I am trying to use the email address to sign in to fleet, withou sucess at this point. I have also tryed adding your last metadata conf to my fleet config. Same result. If this not bother you... could you share your keycloak config? There are not a lot of options in the fleet side of the SAML configuration. Thanks a lot david