I am trying to connect GitLab and Keycloak using SAML; however, I get a “Fingerprint mismatch” error. I have tried setting the idp_cert to the following.
idp_cert: '-----BEGIN CERTIFICATE-----<MY_CERTIFICATE>-----END CERTIFICATE-----'
I have also tried the fingerprint instead.
idp_cert_fingerprint: '52:64:B4:A9:36:BC:57:67:28:0E:BF:14:2C:5C:E2:1C:79:27:D9:B0'
In both cases, I get the same “Fingerprint mismatch” error. I have checked many times that the certificate I am using is the correct certificate used in Keycloak.
I am having the same problem.
@mounikakella @codejamninja I had the same issue. I resolved it like so:
In my case, I was trying to use my IDP's SSL certificate fingerprint.
Instead, I had to use my IDP's generated SSL certificate. In Keycloak, this is in the realm settings > keys > RSA > Certificate. I had to set the idp_cert field to
idp_cert: '-----BEGIN CERTIFICATE-----<MY_IDP_GENERATED_CERTIFICATE>-----END CERTIFICATE-----'
Use the ‘SAML’ Chrome plugin to see what certificate your IDP is sending to your GitLab instance. GitLab needs to use this certificate.
I hope this was helpful!
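Added example, not part of any post in this thread: a small Python check that pulls the certificate out of a decoded SAML response (the one a SAML tracer shows) and compares its fingerprint with the configured value. SHA-1 is assumed because the fingerprint quoted above is 20 bytes long; the certificate bytes, the sample response and all function names are constructed for illustration.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed placeholder bytes standing in for two different DER certificates:
# the realm signing certificate and the web server's TLS certificate.
SIGNING_DER = b"constructed realm signing certificate bytes"
TLS_DER = b"constructed TLS server certificate bytes"
ONE_LINE_PEM = ("-----BEGIN CERTIFICATE-----" + base64.b64encode(SIGNING_DER).decode()
                + "-----END CERTIFICATE-----")
SAMPLE_RESPONSE = (
    '<Response xmlns:ds="%s"><ds:Signature><ds:KeyInfo><ds:X509Data>'
    '<ds:X509Certificate>%s</ds:X509Certificate>'
    '</ds:X509Data></ds:KeyInfo></ds:Signature></Response>'
    % (DS_NS, base64.b64encode(SIGNING_DER).decode()))


def pem_to_der(pem):
    """Decode a PEM certificate, tolerating a one-line value with no newlines."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----|\s+", "", pem)
    return base64.b64decode(body, validate=True)


def fingerprint(der, algo="sha1"):
    """Colon-separated upper-case hex digest of the certificate's DER bytes."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def signing_certs(saml_xml):
    """DER bytes of every ds:X509Certificate in a decoded SAML response.

    Meant for a response captured from your own IdP while debugging; use a
    hardened parser such as defusedxml for XML from untrusted sources.
    """
    root = ET.fromstring(saml_xml)
    return [base64.b64decode("".join(el.text.split()))
            for el in root.iter("{%s}X509Certificate" % DS_NS) if el.text]


def matches(saml_xml, configured):
    """True if a certificate in the response has the configured fingerprint."""
    want = configured.replace(":", "").upper()
    return any(fingerprint(der).replace(":", "") == want
               for der in signing_certs(saml_xml))
```

With a real capture, pass the decoded response XML and your configured `idp_cert_fingerprint` to `matches`; a `False` result means the fingerprint was taken from a different certificate than the one the IdP embeds in its responses.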
I got it to work. I have documented my Keycloak/GitLab SAML integration at the link below.
I followed the steps in https://github.com/codejamninja/keycloak-sso-configs/tree/master/gitlab but it did not solve the problem in my GitLab. Is there another step I am missing?