
Keycloak

Setup with Keycloak as SAML Identity Provider

Keycloak settings

  1. In the Keycloak admin console, go to Clients and click Create.
  2. Select SAML as Client Protocol, then fill in Client ID and Client SAML Endpoint with the Echoes SP information that can be found on the configuration page.
  3. Click Save.
Create SAML client

You will then be redirected to the Keycloak configuration page of the client for further configuration.

On this page, you should have the following configuration:

  • Client Signature Required should be turned OFF
  • Sign Documents & Sign Assertions should be turned ON
SAML client full configuration

In the Mappers section, configure the SAML attributes mapping required by Echoes.

Attributes mapping

Every attribute's NameFormat should be Basic.

Email attribute
LastName attribute
Firstname attribute

Echoes settings

SAML Sign-in URL

Should have the form: https://<your-keycloak-domain>/auth/realms/<your-realm>/protocol/saml

Public Key x.509 Certificate

Can be found in the Keycloak realm's Keys -> Certificate.
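To confirm that the two Echoes values match what the realm publishes, the following added example (not part of the Echoes or Keycloak documentation) reads the realm's SAML IdP metadata, which Keycloak serves at the sign-in URL followed by /descriptor, checks the sign-in URL form and compares certificate fingerprints. The host keycloak.example.com, the realm demo, the placeholder certificate bytes and all function names are assumptions made for the illustration.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Form of the SAML Sign-in URL given on this page.
SIGN_IN_URL = re.compile(r"https://[^/\s]+/auth/realms/[^/\s]+/protocol/saml")

# Constructed sample: host, realm and certificate bytes are placeholders
# (the "certificate" is not real DER, it only exercises the comparison).
SAMPLE_CERT = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://keycloak.example.com/auth/realms/demo/protocol/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def fingerprint(cert_text):
    """SHA-256 over the decoded certificate; PEM armor and whitespace are ignored."""
    body = re.sub(r"-----[A-Z ]+-----|\s+", "", cert_text)
    digest = hashlib.sha256(base64.b64decode(body, validate=True)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2)).upper()

def idp_values(metadata_xml):
    """Return (sign-in URL, fingerprints of the published signing certificates)."""
    # Parse only metadata fetched from your own Keycloak over HTTPS.
    idp = ET.fromstring(metadata_xml).find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor element: not IdP metadata")
    sso = idp.find("md:SingleSignOnService", NS)
    url = sso.get("Location", "") if sso is not None else ""
    if not SIGN_IN_URL.fullmatch(url):
        raise ValueError(f"unexpected sign-in URL form: {url!r}")
    prints = {fingerprint(c.text)
              for k in idp.findall("md:KeyDescriptor", NS)
              if k.get("use") in (None, "signing")  # no "use" covers signing too
              for c in k.findall(".//ds:X509Certificate", NS) if c.text}
    return url, prints

def pasted_cert_matches(metadata_xml, pasted_cert):
    """True if the certificate pasted into Echoes is one the realm publishes for signing."""
    return fingerprint(pasted_cert) in idp_values(metadata_xml)[1]
```

A mismatch after a realm key rotation is the usual reason sign-in starts failing signature validation, so the same comparison is worth re-running whenever the realm keys change.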


Updated 09 Nov 2021