RH-SSO Identity Broker SAML signed requests are not trusted while connecting to an external IDP

Solution Verified - Updated -


  • Keycloak signs the SAML AuthN requests with a self-signed certificate that is rejected by the external SAML IdP due an unknown certificate signed authority
  • Unable to configure Keycloak to issue SAML requests with a trusted certificate from a recognized certificate authority


  • Red Hat Single Sign-On (RH-SSO)
    • 7
  • SAML Identity Provider Brokering
  • External 3rd-Party SAML IdP
  • Trusted Certificate Authority

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In