Dear mailcow-community.
I am testing mailcow (nightly, version 010d8987) now and I’m especially interested in using keycloak as identity provider.
It took me a while to really trace the problem, as it took some time to find the error message and then dig up the meaning behind it.
I have tried to connect mailcow to a test-environment of univention with keycloak installed.
I have tried both the keycloak and the generic OIDC. Test connection failed. I saved the settings and tried to log in, to see some possible error in mailcow UI log. Redirect to SSO login works, login works, keycloak session is created. Redirect back to mailcow works. Mailcow shows authentication error. Then I found “login_failed”,“cURL error 6: Could not resolve host: https://…” in mailcow UI log.
It took me a while to check the DNS settings all over; in the end I suspect that the self-signed certificate of my keycloak stops the creation of the mailbox or retrieval of data from keycloak.
A more specific error message would be great, plus a checkbox in the IdP setup to accept untrusted certificates. Not that I plan to use an untrusted certificate. But especially since this part of mailcow has not hit stable yet, I expect people will try to mess around with it.
If anyone has a workaround for me, or an option to import that one certificate, that would be great.
Thanks in advance!