Step 1: Setup Jboss Keyclock as Identity Provider
Follow the steps below to configure Jboss Keyclock as an Identity Provider
Setup IDP
- In the miniOrange SAML SP SSO plugin, navigate to Service Provider Metadata tab. Here, you can find the SP metadata such as SP Entity ID and ACS (AssertionConsumerService) URL which are required to configure the Identity Provider.
- In your Keycloak admin console, select the realm that you want to use.
- Click on the Clients from the left nav bar.
- Create a new client/application.
- Configure the following:
- Under Fine Grain SAML Endpoint Configuration, configure the following:
- Click on Save.
| Client ID | The SP-EntityID / Issuer from the step 1 of the plugin under Configure IDP tab. |
| Name | Provide a name for this client |
| Description | Provide a description |
| Enabled | ON |
| Consent Required | OFF |
| Client Protocol | SAML |
| Include AuthnStatement | ON |
| Sign Documents | ON |
| Optimize Redirect signing key lookup | OFF |
| Sign Assertions | ON |
| Signature Algorithm | RSA_SHA256 |
| Encrypt Assertion | OFF |
| Client Signature Required | OFF |
| Canonicalization Method | EXCLUSIVE |
| Force Name ID Format | ON |
| Name ID Format | |
| Root URL | Leave empty or Base URL of Service Provider |
| Valid Redirect URIs | The ACS (Assertion Consumer Service) URL from the step 1 of the plugin under configure IDP tab. |
| Assertion Consumer Service POST Binding URL | The ACS (Assertion Consumer Service) URL from the step 1 of the plugin under Configure IDP tab. |
| Logout Service Redirect Binding URL | The Single Logout URL from the step 1 of the plugin under Configure IDP tab. |
Add Mappers
- Add the following attributes in the Mappers tab.
- Click on Add Built-in and add the following option.
Download setup file
- In the Installation Tab, choose SAML Metadata IDPSSODescriptor as Format option.
- Download it and keep it handy. It will be used to configure the plugin.
×
![]()