gpordeus commented on issue #12831: URL: https://github.com/apache/cloudstack/issues/12831#issuecomment-4158078385
I got it working by:
- removing the attribute `use="signing"` from the `KeyDescriptor` of IdP metadata
- setting Keycloak's "Encryption algorithm" to `AES_256_CBC` instead of `AES_256_GCM`

Removing the attribute is necessary so ACS knows that it is also the encryption certificate. I don't know if Keycloak can be configured to adjust this (I changed it manually, passing a local file to the IdP metadata global config), but we can make ACS use the certificate for both situations if there's only one. I'll open a PR.

As for the algorithm, I guess ACS doesn't support it.
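
The `KeyDescriptor` behaviour discussed in the comment above, as an added example that is not part of the original comment and is not CloudStack's code: in SAML 2.0 metadata a `KeyDescriptor` without a `use` attribute applies to both signing and encryption. The function names, the `single_cert_fallback` switch and the sample metadata are hypothetical and constructed for illustration; the fallback only sketches the "use the one certificate for both" idea and is not the PR mentioned.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample IdP metadata; the certificate text is a placeholder.
SAMPLE_TEMPLATE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/realm">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor{use_attr}>
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER-CERT-A</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
SIGNING_ONLY = SAMPLE_TEMPLATE.format(use_attr=' use="signing"')
NO_USE = SAMPLE_TEMPLATE.format(use_attr="")


def idp_certs_by_use(metadata_xml):
    """Return {'signing': [...], 'encryption': [...]} from IdP metadata.

    Assumes the metadata is a trusted, admin-supplied document.
    """
    root = ET.fromstring(metadata_xml)
    certs = {"signing": [], "encryption": []}
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        use = kd.get("use")
        if use is not None and use not in certs:
            continue  # unknown value: skip rather than guess a purpose
        # No `use` attribute means the key serves both purposes.
        purposes = [use] if use else ["signing", "encryption"]
        for node in kd.iterfind(".//ds:X509Certificate", NS):
            cert = "".join((node.text or "").split())
            for purpose in purposes:
                certs[purpose].append(cert)
    return certs


def pick_encryption_cert(metadata_xml, single_cert_fallback=False):
    """Choose the encryption cert; optionally reuse a lone signing cert."""
    certs = idp_certs_by_use(metadata_xml)
    if certs["encryption"]:
        return certs["encryption"][0]
    if single_cert_fallback and len(set(certs["signing"])) == 1:
        return certs["signing"][0]
    return None  # caller cannot encrypt to this IdP
```
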
