Keycloak and CDP Public Intergration

corestack — Tue, 21 Apr 2026 08:00:24 GMT

Hi Team,

I have configured my CDP and Keycloak. First I took my Keycloak XML file from "SAML 2.0 Identity Provider Metadata" and with this I have created one Identity provider. And I got one JSON from cloudera community and with this JSON created one client. Json file pasted atlast. With the client I created I pasted my CDP Identity provider ID in "Assertion Consumer Service POST Binding URL" in Keycloak client. After doing these steps with the provided "Target IDP initiated SSO URL" I tried to login all I get is "404 Misconfigured account. IdentityProviderConnector for ID '{39XXX08}' not found" . But if I copy my cloudera Manager URL and paste that in incognito this will redirect me to my keycloak server with this error "We are sorry... Invalid Request".

JSON FILE:

{
"clientId": "cdp-client",
"surrogateAuthRequired": false,
"enabled": true,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"https://consoleauth.altus.cloudera.com/saml"
],
"webOrigins": [
"https://consoleauth.altus.cloudera.com"
],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": true,
"protocol": "saml",
"attributes": {
"saml.assertion.signature": "true",
"saml.force.post.binding": "true",
"saml.multivalued.roles": "false",
"saml.encrypt": "false",
"saml_assertion_consumer_url_post": "https://consoleauth.altus.cloudera.com/saml?samlProviderId={ID}",
"saml.server.signature": "true",
"saml_idp_initiated_sso_url_name": "cdp-sso",
"saml.server.signature.keyinfo.ext": "false",
"exclude.session.state.from.auth.response": "false",
"saml.signature.algorithm": "RSA_SHA256",
"saml_force_name_id_format": "false",
"saml.client.signature": "true",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "true",
"display.on.consent.screen": "false",
"saml_name_id_format": "username",
"saml.onetimeuse.condition": "false",
"saml_signature_canonicalization_method": "http://www.w3.org/2001/10/xml-exc-c14n#"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"protocolMappers": [
{
"name": "my-email-id-mapper",
"protocol": "saml",
"protocolMapper": "saml-user-property-mapper",
"consentRequired": false,
"config": {
"attribute.nameformat": "URI Reference",
"user.attribute": "email",
"friendly.name": "my-email-friendly-name",
"attribute.name": "urn:oid:0.9.2342.19200300.100.1.3"
}
},
{
"name": "my-groups-mapper",
"protocol": "saml",
"protocolMapper": "saml-group-membership-mapper",
"consentRequired": false,
"config": {
"single": "true",
"attribute.nameformat": "URI Reference",
"full.path": "false",
"friendly.name": "my-groups-friendly-name",
"attribute.name": "https://cdp.cloudera.com/SAML/Attributes/groups"
}
},
{
"name": "my-firstname-mapper",
"protocol": "saml",
"protocolMapper": "saml-user-property-mapper",
"consentRequired": false,
"config": {
"attribute.nameformat": "URI Reference",
"user.attribute": "firstName",
"friendly.name": "my-firstname-friendly-name",
"attribute.name": "https://cdp.cloudera.com/SAML/Attributes/firstName"
}
},
{
"name": "my-lastname-mapper",
"protocol": "saml",
"protocolMapper": "saml-user-property-mapper",
"consentRequired": false,
"config": {
"attribute.nameformat": "URI Reference",
"user.attribute": "lastName",
"friendly.name": "my-lastname-friendly-name",
"attribute.name": "https://cdp.cloudera.com/SAML/Attributes/lastName"
}
}
],
"defaultClientScopes": [
"web-origins",
"role_list",
"profile",
"roles",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
],
"access": {
"view": true,
"configure": true,
"manage": true
}
}

Re: Keycloak and CDP Public Intergration

Azhar_Shaikh — Thu, 03 Mar 2022 08:05:39 GMT

Hello @corestack

Good Day.

We have a community article for Keycloak and CDP Integration.

Can you please try and validate If you have followed the steps as mentioned in the above article.

Thanks,

Azhar

https://community.cloudera.com/t5/Community-Articles/How-to-configure-Single-Sign-On-SSO-for-CDP-Public-Cloud-the/ta-p/300222

Re: Keycloak and CDP Public Intergration

VidyaSargur — Mon, 07 Mar 2022 05:30:47 GMT

@corestack, Has the reply helped resolve your issue? If so, please mark the appropriate reply as the solution, as it will make it easier for others to find the answer in the future.

Re: Keycloak and CDP Public Intergration

smdas — Tue, 08 Mar 2022 09:37:20 GMT

Hello @corestack

We hope the Post by @Azhar_Shaikh pointing to Link [1] helps your Team as there has been no further response from your side. As such, We shall mark the Post as Resolved.

Feel free to share any concerns with your Team's CDP Adoption via a Post in Community & We shall help your Team.

Regards, Smarak

[1] https://community.cloudera.com/t5/Community-Articles/How-to-configure-Single-Sign-On-SSO-for-CDP-Public-Cloud-the/ta-p/300222

question Re: Keycloak and CDP Public Intergration in Support Questions

Keycloak and CDP Public Intergration

Re: Keycloak and CDP Public Intergration

Re: Keycloak and CDP Public Intergration

Re: Keycloak and CDP Public Intergration