- In the Keycloak admin console, head to Clients and click Create
- Select SAML as Client Protocol and complete the ClientID and Client SAML Endpoint with the Echoes SP information that can be found on the configuration page.
- Click Save.
You will then be redirected to the Keycloak configuration page of the client for further configuration.
On this page, you should have the following configuration
- Client Signature Required should be turned OFF
- Sign Documents & Sign Assertions should be turned ON
In the Mappers section, configure the SAML attributes mapping required by Echoes.
All attribute's NameFormat should be Basic.
Should have the form of: https://<your-keycloak-domain>/auth/realms/<your-realm>/protocol/saml
Can be found in the Keycloak realm's Keys -> Certificate.