Jboss Keycloak as IdP for wordpress

Step 1: Setup Jboss Keyclock as Identity Provider

Follow the steps below to configure Jboss Keyclock as an Identity Provider

miniorange img Setup IDP

In the miniOrange SAML SP SSO plugin, navigate to Service Provider Metadata tab. Here, you can find the SP metadata such as SP Entity ID and ACS (AssertionConsumerService) URL which are required to configure the Identity Provider.

wordpress saml upload metadata

In your Keycloak admin console, select the realm that you want to use.
Click on the Clients from the left nav bar.
Create a new client/application.
Configure the following:

Client ID	The SP-EntityID / Issuer from the step 1 of the plugin under Configure IDP tab.
Name	Provide a name for this client
Description	Provide a description
Enabled	ON
Consent Required	OFF
Client Protocol	SAML
Include AuthnStatement	ON
Sign Documents	ON
Optimize Redirect signing key lookup	OFF
Sign Assertions	ON
Signature Algorithm	RSA_SHA256
Encrypt Assertion	OFF
Client Signature Required	OFF
Canonicalization Method	EXCLUSIVE
Force Name ID Format	ON
Name ID Format	Email
Root URL	Leave empty or Base URL of Service Provider
Valid Redirect URIs	The ACS (Assertion Consumer Service) URL from the step 1 of the plugin under configure IDP tab.

Under Fine Grain SAML Endpoint Configuration, configure the following:

Assertion Consumer Service POST Binding URL	The ACS (Assertion Consumer Service) URL from the step 1 of the plugin under Configure IDP tab.
Logout Service Redirect Binding URL	The Single Logout URL from the step 1 of the plugin under Configure IDP tab.

Click on Save.

JBoss Keycloak SSO-1

Add Mappers

Add the following attributes in the Mappers tab.
Click on Add Built-in and add the following option.

JBoss Keycloak SSO-2

miniorange img Download setup file

In the Installation Tab, choose SAML Metadata IDPSSODescriptor as Format option.
Download it and keep it handy. It will be used to configure the plugin.