Hi Colleen, Am 14.02.19 um 11:32 schrieb Colleen Murphy: > I'm more interested in what you were seeing, both the output from the client and the output from the keystone server if you have access to it. I will configure the adfs-connection again and send you the logs. > > Unfortunately that seems to still be a valid bug that we'll need to address. You could try using the python keystoneauth library directly and see if the issue appears there[1][2]. > > [1] https://docs.openstack.org/keystoneauth/latest/using-sessions.html > [2] https://docs.openstack.org/keystoneauth/latest/plugin-options.html#v3oidcpassword I was missing the --os-client-id parameter, but I didnt got any hint about its required, so took a while to find it. With os-client-id, and os-client-secret Im now able to reach my keycloak. I already found some settings on keycloak I had to change. (Hopefully) I will be able to continue my work next week. > > I found that too. The in-development documentation has already been fixed[3] but we didn't backport that to the Rocky documentation because it was part of a large series of rewrites and reorgs. > > [3] https://docs.openstack.org/keystone/latest/admin/federation/configure_federation.html#configure-mod-auth-openidc Great - thank a lot, I will fix my settings. Fabian