Keycloak

Discover step-by-step instructions on configuring a connection with Keycloak. Learn how to integrate your application with Keycloak for secure and streamlined SSO authentication.

How to start

Open your Keycloak Server

---

Click on "Administration Console"

Declare a client

Login to your Admin Account

---

Click on "Clients"

---

Click on "Create client"

---

1. Select "SAML" for "Client type" field
2. Paste "Client ID" value you'll find on right side of this screen in "Client ID" field 👉
3. Type a custom friendly name in "Name", then click "Next"

Configure Client

1. Paste "Valid redirect URIs" you'll find on right side of this screen into "Valid redirect URIs" 👉
2. Paste "Master SAML Processing URL" you'll find on right side of this screen into "Master SAML Processing URL" 👉
3. Save

---

Go to "Advanced" tab

---

Paste "Logout Service POST Binding URL" you'll find on right side of this screen into "Logout Service POST Binding URL" 👉

---

Scroll down to "SAML capabilities" section

---

1. Choose "transient" as "Name ID format"
2. Uncheck "Force POST binding" field
3. Scroll to "Signature and Encryption"

---

1. Check "Sign documents" field
2. Check "Sign assertions" field
3. Scroll to "Logout settings"

---

1. Check "Front channel logout" field
2. Click "Save"

Configure Keys

1. Click on right side of this screen on "Generate PFX" button
2. Download the PFX file

---

1. Go to "Keys" tab
2. Switch OFF "Client signature required" then ON again 🚨
3. In certificate section click on "Import key"

---

1. As "Archive format" choose "PKCS12"
2. In "Import file" browse the downloaded PFX file

---

1. In "Key alias" field paste "Key alias" value you'll find on right side 👉
2. In "Store password" field paste "Password" value you'll find on right side 👉
3. Click "Import"

Attributes Mapping

1. Go to "Client scopes" tab
2. Click on the row that corresponds to your client

---

Click on "Configure a new mapper" button

---

Click on "User property" list item

---

1. In "Name" & "Property" type "id"
2. In "Friendly Name" & "SAML Attribute Name" type "idp_user_id"
3. Save

---

1. In "Name" & "Property" type "email"
2. In "Friendly Name" & "SAML Attribute Name" type "email"
3. Save

---

1. In "Name" & "Property" type "firstName"
2. In "Friendly Name" & "SAML Attribute Name" type "given_name"
3. Save

---

1. In "Name" & "Property" type "lastName"
2. In "Friendly Name" & "SAML Attribute Name" type "family_name"
3. Save

---

1. Click on "Dedicated scopes"
2. You should now have the above Mapping

XML Metadata file

1. On left side of your Keycloak click on "Realm settings"
2. Click right on "SAML 2.0 Identity Provider Metadata" to save XML file link
3. If you prefer, you can also download the file.

Drop your link or downloaded XML metadata

Users and groups

To add some users, click on "Users" tab on the left.

---

Click on "Add user"

---

Fill the fields and click on "Create"

Test SSO login

Test SSO login