SAML Login using Keycloak as IDP

Issue Summary

I want to login using Keycloak by using its SAML client.

I followed the instructions as shown in this github issue: https://github.com/getredash/redash/issues/2977#issuecomment-432476154

But after clicking “SAML Login” in the login screen, I get “It seems like the page you’re looking for cannot be found.” page, which is basically a 404 page, as shown below:

My configurations are identical to that shown in the above mentioned github issue.

My “Master SAML Processing URL” in keycloak is set to “http://localhost:5000/saml/callback?org_slug=default”. But when I visit that URL, it points to a 404 page as well. Is that normal?

Also, in the documentation here: https://redash.io/help/user-guide/users/authentication-options, its mentioned this: “Please note that SAML authentication is no longer available for Hosted Redash customers. Existing configurations are not affected.” What does this mean?

Is SAML authentication with Keycloak IDP possible?

Technical details:

Should be, yes.

It doesn’t affect you since you’re using OSS Redash (not app.redash.io).

Yes it’s normal. /saml/callback only accepts POST network requests. Your browser makes a GET request when you visit it.

To debug this, try logging in with keycloak and then check your logs with docker-compose logs server. You should see a traceback.