Hi everyone,
We are experiencing problems with the Office 365 / Microsoft 365 connector while setting up UCS SSO with Keycloak. The main issues observed:
- SAML Setup Script Fails
  - saml_setup.bat fails on both PowerShell 5.x and 7.x.
  - Errors include "Command not recognized" for Set-MgDomainAuthentication and Connect-MgGraph.
  - Interactive authentication using WAM complicates automated execution.
- Domain / LDAP Instability
  - User import scripts sometimes lock slapd or leave LDAP in an inconsistent state.
  - Attempts to update IdP metadata or sync users fail intermittently.
- Keycloak Container Issues
  - H2 database locking (keycloakdb.mv.db) prevents startup in dev mode.
  - Incorrect volume permissions and port conflicts can cause crashes, leaving Apache endpoints without a backend.
Impact:
- Office 365 connector cannot complete synchronization.
- SAML endpoints for the UCS realm are unavailable ("404 Realm does not exist" or "503 Service Unavailable").
- Manual remediation is required for both Keycloak and the domain before attempting connector operations again.
Commands and Context:
- PowerShell (attempts on Windows):
Connect-MgGraph -Scopes Domain.ReadWrite.All, Directory.ReadWrite.All
Set-MgDomainAuthentication -DomainName example.com -Authentication ...
- Keycloak Docker attempts on UCS VM:
docker run --rm -v /opt/keycloak/data:/opt/keycloak/data \
-v /usr/local:/host docker.software-univention.de/keycloak-keycloak:26.4.7-ucs1 \
start-dev --hostname sso.example.com --http-enabled true
docker run --rm -v /opt/keycloak/data:/opt/keycloak/data \
-v /usr/local:/host docker.software-univention.de/keycloak-keycloak:26.4.7-ucs1 \
export --realm=ucs --file=/host/ucs-realm.json
Request:
Has anyone successfully run the Office 365 connector with UCS SSO recently? Any guidance on:
- PowerShell non-interactive execution of saml_setup.bat
- Fixing H2 DB locking or Keycloak dev mode issues
- Reliable Office 365 connector synchronization
Thanks in advance for your advice!
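Added example (not part of the post above, of saml_setup.bat, or of any Univention code): a PowerShell script that covers two of the points raised, the non-interactive Connect-MgGraph sign-in and a preflight check that tells the "404 Realm does not exist" and "503 Service Unavailable" cases apart before the tenant is touched. It assumes an Entra ID app registration with a certificate credential that has been granted Domain.ReadWrite.All and Directory.ReadWrite.All as application permissions with admin consent, that the private key sits in the CurrentUser\My store of the account running the script, and that Keycloak serves the IdP descriptor at the standard path /realms/ucs/protocol/saml/descriptor on sso.example.com. $AppId, $TenantId and $Thumbprint are placeholders; the state names returned by Get-SamlEndpointState are this script's own labels. Federation itself (the step the post elides with "...") is deliberately not performed here.

```powershell
<#
  Added example; not code from the forum post, from saml_setup.bat or from Univention.
  Assumptions (not stated in the post): app registration with a certificate credential and
  application permissions Domain.ReadWrite.All / Directory.ReadWrite.All (admin-consented);
  private key in CurrentUser\My; Keycloak descriptor at the standard Keycloak path.
#>
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Identity.DirectoryManagement
[CmdletBinding()]
param(
    [Parameter(Mandatory)] [string] $AppId,        # placeholder: application (client) ID
    [Parameter(Mandatory)] [string] $TenantId,     # placeholder: tenant ID
    [Parameter(Mandatory)] [string] $Thumbprint,   # placeholder: certificate thumbprint
    [string] $DomainName = 'example.com',
    [string] $SsoHost    = 'sso.example.com',
    [string] $Realm      = 'ucs'
)
$ErrorActionPreference = 'Stop'

function Get-SamlEndpointState {
    # Classify the realm's SAML descriptor endpoint. HttpClient is used because it does not
    # throw on 4xx/5xx, so the same code runs on Windows PowerShell 5.1 and PowerShell 7
    # without version-specific exception handling.
    param([string] $Url)
    Add-Type -AssemblyName System.Net.Http
    $client = [System.Net.Http.HttpClient]::new()
    $client.Timeout = [TimeSpan]::FromSeconds(10)
    try {
        $resp   = $client.GetAsync($Url).GetAwaiter().GetResult()
        $status = [int]$resp.StatusCode
        $body   = $resp.Content.ReadAsStringAsync().GetAwaiter().GetResult()
    } catch {
        return 'unreachable'                       # DNS/TCP/TLS failure: Apache itself is not answering
    } finally {
        $client.Dispose()
    }
    switch ($status) {
        503 { return 'backend-down' }              # Apache answers, Keycloak container is not behind it
        404 {
            if ($body -match 'Realm does not exist') { return 'realm-missing' }   # Keycloak up, realm not imported
            return 'not-found'
        }
        200 {
            try { $xml = [xml]$body } catch { return 'bad-metadata' }
            $ns = New-Object System.Xml.XmlNamespaceManager($xml.NameTable)
            $ns.AddNamespace('md', 'urn:oasis:names:tc:SAML:2.0:metadata')
            if ($xml.SelectSingleNode('/md:EntityDescriptor/md:IDPSSODescriptor', $ns)) { return 'ok' }
            return 'bad-metadata'                  # 200 but not an IdP descriptor (e.g. an error page)
        }
        default { return "unexpected-$status" }
    }
}

# 1. Do not touch the tenant while the UCS side is in one of the broken states from the post.
$state = Get-SamlEndpointState "https://$SsoHost/realms/$Realm/protocol/saml/descriptor"
if ($state -ne 'ok') {
    throw "UCS SAML endpoint state is '$state'; repair Keycloak/Apache on the UCS host first"
}

# 2. Certificate (app-only) sign-in: no browser and no WAM prompt, so it runs unattended.
#    -Scopes is not passed: app-only permissions come from the app registration.
#    The #Requires line above fails fast with a clear message instead of "not recognized" mid-run.
Connect-MgGraph -ClientId $AppId -TenantId $TenantId -CertificateThumbprint $Thumbprint -NoWelcome
$ctx = Get-MgContext
if ($ctx.AuthType -ne 'AppOnly') { throw "Expected an AppOnly context, got '$($ctx.AuthType)'" }

# 3. Read back the domain so the caller can see whether it is still Managed or already Federated.
$domain = Get-MgDomain -DomainId $DomainName
[pscustomobject]@{
    Domain             = $domain.Id
    IsVerified         = $domain.IsVerified
    AuthenticationType = $domain.AuthenticationType   # 'Managed' or 'Federated'
    SamlEndpoint       = $state
}
Disconnect-MgGraph | Out-Null
```

Run it as `.\Preflight-M365Sso.ps1 -AppId <id> -TenantId <id> -Thumbprint <hex>` from a scheduled task or pipeline account that holds the certificate; because nothing in it is interactive, it behaves the same under PowerShell 5.1 and 7. The 'backend-down' and 'realm-missing' results correspond to the 503 and 404 cases listed under Impact, so the script refuses to proceed exactly when manual remediation on the UCS host is still needed.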