
Troubleshooting: Updating LDAP SA credentials in RH-SSO/Keycloak

Issue:

SSO is configured with LDAP/AD as the selected Identity Provider, and the service account (SA) used to bind Keycloak/RH SSO to AD has had the account, the password, or both changed.

Solution:

  • Log in to the RH SSO/Keycloak admin UI page

  • Click on User Federation in the left sidebar

  • Click on the AD/LDAP provider configured

  • Under the Settings tab, update the Bind DN and Bind Credential with the updated values

    • The Bind DN value will be the new SA account

    • The Bind Credential will be the new password for the SA account used in Bind DN

  • Once the values have been updated, click on the Test Authentication button to verify that the new credentials are valid

  • Users can then re-enable the SSO redirect in ESP if this option was disabled
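
The same update can be scripted for routine credential rotation. The following is an added example, not part of the original article or of Keycloak's own tooling: it assumes the Admin REST API `components` and `testLDAPConnection` endpoints of recent Keycloak releases (older RH-SSO versions may need an `/auth` prefix in the base URL or a different test request format), and every environment variable name and the sample component are constructed for illustration. It runs the authentication test before saving, so a rejected credential never replaces the stored one.

```python
import copy, json, os, urllib.request

def rotate_bind(component, new_dn, new_password):
    """Return a copy of an LDAP federation component with new bind values."""
    if component.get("providerId") != "ldap":
        raise ValueError("not an LDAP user federation component")
    updated = copy.deepcopy(component)
    updated["config"]["bindDn"] = [new_dn]  # config values are single-item lists
    updated["config"]["bindCredential"] = [new_password]
    return updated

def auth_test_body(component):
    """Request body for the 'Test Authentication' check of a component."""
    cfg = component["config"]
    return {"action": "testAuthentication", "componentId": component["id"],
            "connectionUrl": cfg["connectionUrl"][0],
            "bindDn": cfg["bindDn"][0],
            "bindCredential": cfg["bindCredential"][0]}

def call(method, url, token, body=None):
    """Send one authenticated JSON request; urllib raises HTTPError on 4xx/5xx."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": "Bearer " + token, "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None

# Constructed sample of what GET .../components/<id> returns (not real data).
SAMPLE = {"id": "c0ffee00-0000-4000-8000-000000000001", "name": "ad",
          "providerId": "ldap",
          "providerType": "org.keycloak.storage.UserStorageProvider",
          "config": {"connectionUrl": ["ldaps://dc1.example.test:636"],
                     "bindDn": ["CN=svc-old,OU=Service,DC=example,DC=test"],
                     "bindCredential": ["**********"]}}

if __name__ == "__main__":
    env = os.environ  # all variable names below are assumptions of this example
    realm_url = env["KC_BASE"].rstrip("/") + "/admin/realms/" + env["KC_REALM"]
    comp_url = realm_url + "/components/" + env["KC_COMPONENT_ID"]
    current = call("GET", comp_url, env["KC_TOKEN"])
    updated = rotate_bind(current, env["NEW_BIND_DN"], env["NEW_BIND_PW"])
    # Test first: a rejected bind raises HTTPError and the PUT is never sent.
    call("POST", realm_url + "/testLDAPConnection", env["KC_TOKEN"],
         auth_test_body(updated))
    call("PUT", comp_url, env["KC_TOKEN"], updated)
    print("bind credentials updated for", updated["name"])
```

Supply the new password through the environment or a secrets manager rather than a command-line argument, so it does not end up in shell history or process listings.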