How to integrate Keycloak, AD FS and Power BI Report Server
Hi everyone!
I want to implement 2FA authentication on Power BI Report Server using Keycloak + AD FS. I deployed Keycloak (auth.test.local) and AD FS (adds.test.local). In Keycloak I imported the metadata from AD FS (using SAML). On AD FS I created a claim provider (Keycloak) and a relying party trust (identifier pbirs.test.local); on WAP I published the application (external URL pbirs.test.local, internal ecs-rs.test.local). When I go to https://pbirs.test.local/reports I see the Keycloak authentication page and enter login, password and code. All is fine, but when I am redirected to the AD FS URL with the SAML response parameters (email, given name, surname, roles) and then redirected to Power BI Report Server with the URL https://pbirs.test.local/reports?authtoken= I get a 401 authentication error.
If I set Set-WebApplicationProxyApplication -BackendServerAuthenticationMode IntegratedWindowsAuthentication, I get this error:
Error details: ID0001: The required attribute 'Name' in the element 'Attribute' is missing.
Exception details: System.Xml.XmlException: ID0001: The required attribute 'Name' in the element 'Attribute' is missing.
   at Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ReadAttribute(XmlReader reader)
   at Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ReadAttributeStatement(XmlReader reader)
   at Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ReadAssertion(XmlReader reader)
   at Microsoft.IdentityModel.Tokens.Saml2.Saml2SecurityTokenHandler.ReadToken(XmlReader reader)
   at Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ReadToken(XmlReader reader)
   at Microsoft.IdentityModel.Tokens.SecurityTokenElement.ReadSecurityToken(XmlElement securityTokenXml, SecurityTokenHandlerCollection securityTokenHandlers)
   at Microsoft.IdentityServer.Service.Tokens.SamlMessageSecurityTokenHandler.ReadToken(XmlReader reader)
   at Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ReadToken(XmlReader reader)
   at Microsoft.IdentityModel.Tokens.SecurityTokenElement.ReadSecurityToken(XmlElement securityTokenXml, SecurityTokenHandlerCollection securityTokenHandlers)
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.CreateAndSaveSamlSession(ProtocolContext context, SecurityTokenElement requestedTokenElement)

I can't understand where the error is. As far as I understand, adds can't resolve the SAML token to Integrated Windows Authentication. Is it possible, and how?
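The ID0001 exception in the post comes from the SAML 2.0 token reader hitting an <Attribute> element with no Name. The following is an added diagnostic example, not part of the original post: it decodes a captured base64 SAMLResponse (HTTP-POST binding) and lists every attribute that would trigger that error. The function name and the sample response are constructed for illustration; it does not verify signatures.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"


def find_unnamed_attributes(saml_response_b64):
    """Return (encrypted, problems) for a base64-encoded SAMLResponse.

    URL-decode the form value first if it was copied from a browser trace.
    """
    xml_bytes = base64.b64decode(saml_response_b64)
    # ElementTree does not defend against entity expansion, so refuse DTDs.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD found in SAML response, refusing to parse")
    root = ET.fromstring(xml_bytes)
    # An encrypted assertion hides its attributes; decrypt it (or turn
    # encryption off in a test realm) before drawing conclusions.
    encrypted = root.find(f".//{{{SAML_NS}}}EncryptedAssertion") is not None
    problems = []
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        name = attr.get("Name")
        if name is None or not name.strip():
            values = [v.text or ""
                      for v in attr.findall(f"{{{SAML_NS}}}AttributeValue")]
            problems.append({"FriendlyName": attr.get("FriendlyName"),
                             "values": values})
    return encrypted, problems


# Constructed sample: "email" is well-formed, "roles" lacks the Name attribute.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
    '<saml:AttributeStatement>'
    '<saml:Attribute Name="email"><saml:AttributeValue>user@test.local'
    '</saml:AttributeValue></saml:Attribute>'
    '<saml:Attribute FriendlyName="roles"><saml:AttributeValue>pbi-user'
    '</saml:AttributeValue></saml:Attribute>'
    '</saml:AttributeStatement></saml:Assertion></samlp:Response>'
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    is_encrypted, bad = find_unnamed_attributes(SAMPLE_B64)
    print("encrypted assertion:", is_encrypted)
    for item in bad:
        print("Attribute without Name:", item)
```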