Setup with Keycloak as SAML Identity Provider

Keycloak settings

  1. In the Keycloak admin console, go to Clients and click Create.
  2. Select SAML as Client Protocol and fill in the ClientID and Client SAML Endpoint with the Echoes SP information found on the configuration page.
  3. Click Save.
Create SAML client


You will then be redirected to the Keycloak configuration page of the client for further configuration.

On this page, you should have the following configuration:

  • Client Signature Required should be turned OFF
  • Sign Documents & Sign Assertions should be turned ON
SAML client full configuration


In the Mappers section, configure the SAML attributes mapping required by Echoes.

Attributes mapping


Every attribute's NameFormat should be Basic.

Email attribute

LastName attribute

Firstname attribute
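
To confirm the client settings and mappers above took effect, the following added example (not part of the Echoes or Keycloak documentation) lints a base64-decoded SAMLResponse captured from a test login: it checks that both the response and the assertion carry a signature element and that each mapped attribute uses the Basic NameFormat. It inspects structure only and does not verify the signatures; the attribute names are assumed from the mapper headings on this page, and the sample response is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
# Assumption: attribute names taken from the mapper headings on this page;
# use the exact names shown on the Echoes configuration page.
REQUIRED = ("Email", "LastName", "Firstname")

def check_response(xml_text, required=REQUIRED):
    """Structural lint of a decoded SAMLResponse; returns a list of findings."""
    root = ET.fromstring(xml_text)
    findings = []
    # Sign Documents ON: ds:Signature is a direct child of samlp:Response.
    if root.find("ds:Signature", NS) is None:
        findings.append("response not signed")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        return findings + [f"expected 1 assertion, found {len(assertions)}"]
    # Sign Assertions ON: the assertion carries its own ds:Signature child.
    if assertions[0].find("ds:Signature", NS) is None:
        findings.append("assertion not signed")
    attrs = {a.get("Name"): a for a in
             assertions[0].iterfind("saml:AttributeStatement/saml:Attribute", NS)}
    for name in required:
        attr = attrs.get(name)
        if attr is None:
            findings.append(f"missing attribute {name}")
        elif attr.get("NameFormat") != BASIC:
            findings.append(f"{name}: NameFormat is not Basic")
        elif not (attr.findtext("saml:AttributeValue", "", NS) or "").strip():
            findings.append(f"{name}: empty value")
    return findings

def sample(doc_sig=True, assertion_sig=True, email_format=BASIC):
    """Constructed response skeleton; signature contents are elided."""
    sig = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>'
    values = {"Email": "jane@example.com", "LastName": "Doe", "Firstname": "Jane"}
    attr_xml = "".join(
        f'<saml:Attribute Name="{n}" NameFormat="{email_format if n == "Email" else BASIC}">'
        f"<saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>"
        for n, v in values.items())
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            f'{sig if doc_sig else ""}<saml:Assertion>{sig if assertion_sig else ""}'
            f"<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement>"
            "</saml:Assertion></samlp:Response>")

if __name__ == "__main__":
    for finding in check_response(sample(assertion_sig=False)) or ["ok"]:
        print(finding)
```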


Echoes settings

SAML Sign-in URL

Should have the form of: https://<your-keycloak-domain>/auth/realms/<your-realm>/protocol/saml

Public Key x.509 Certificate

Can be found in the Keycloak realm under Keys -> Certificate.

Updated 03 Mar 2023