Keycloak

setup with keycloak as saml identity provider keycloak settings in the keycloak admin console, head to clients and click create select saml as client protocol and complete the clientid and client saml endpoint with the echoes sp information that can be found on the configuration page click save you will then be redirected to the keycloak configuration page of the client for further configuration on this page, you should have the following configuration client signature required should be turned off sign documents & sign assertions should be turned on in the mappers section, configure the saml attributes mapping required by echoes all attribute's nameformat should be basic echoes settings saml sign in url should have the form of https //\<your keycloak domain>/auth/realms/\<your realm>/protocol/saml public key x 509 certificate can be found in the keycloak realm's keys > certificate