This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Request was from an untrusted provider NAM

Hi, I'm trying to setup SSO SAML from Keycloak and NAM. In my keycloak admin console I have imported the metadata.xml of the NAM related environment (given to me from my organization) and I have set all the fields and stuff needed to connect my keycloak client with NAM IdP.  I have downloaded the sp-metadata.xml

For the NAM Side my colleague have created a service application with my keycloak url and name, and he added my sp.metadata.xml for connecting keycloak client with NAM IdP.

Now, when I try to login into my application I'm able to insrrt credentials into keycloak login page but when I click on "Login" button I'm redirect to a page of my organization with this error message "Request was from an untrusted provider" (pic for better understanding).

I have created a new docker container with cert.pem and key.pem get from keystore.jks of the organization but the error is still here

I don't know if the problem was from my keycloak client or NAM IdP

I hope my question is clear, thanks for the help

Parents
  • 0  

    Hi!

    NAM reports this error when configuration in NAM is not in line with SAML request sent from Service Provider (Keycloak in your example).

    To help you further with troubleshooting you would need to:

    • send actual SAML request (you can install a browser plugin like SAML-tracer)
    • show us how NAM is configured (e.g. screenshot of metadata tab when looking at service provider configuration)

    Kind regards,

    Sebastijan

    Kind regards,

    Sebastijan

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

  • 0 in reply to   

    Hi, Sebastian thanks for the answer. I have installed SAML-tracer and I will put here the request.

    For the NAM side I don't know If i can get a screenshot because is managed from other team.

    I will update my answer with SAML request when I can try again, thanks!!

  • 0   in reply to 

    Hi Felice!

    SAML request is only half of the information needed to solve this, because SAML request must be in line with NAM configuration. And since federation does not work, request is obviously not in line with NAM configuration.

    Or to rephrase, to make this federation work, other team will most likely need to change NAM configuration. And in order to tell you what to change in NAM I would need to see how it is currently configured.

    Kind regards,

    Sebastijan

    Kind regards,

    Sebastijan

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

Reply
  • 0   in reply to 

    Hi Felice!

    SAML request is only half of the information needed to solve this, because SAML request must be in line with NAM configuration. And since federation does not work, request is obviously not in line with NAM configuration.

    Or to rephrase, to make this federation work, other team will most likely need to change NAM configuration. And in order to tell you what to change in NAM I would need to see how it is currently configured.

    Kind regards,

    Sebastijan

    Kind regards,

    Sebastijan

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

Children
  • 0 in reply to   

    Hi Sebastian!

    I'm waiting for the answer from NAM team, we have checked the metadata.xml that I sent them, entityID and ID are equals, so I think the problem could depends from the certificate of my Keycloak(?) I don't know.

    I will update my answer asap after response of the team, thanks