Jboss Keyclock as IDP

Step 1: Setup Jboss Keyclock as Identity Provider

Follow the steps below to configure Jboss Keyclock as an Identity Provider

miniorange img Setup IDP

  • In your Keycloak admin console, select the realm that you want to use.
  • Click on the Clients from the left nav bar.
  • Create a new client/application.
  • Configure the following:
  • Client ID The SP-EntityID / Issuer from the step 1 of the plugin under Configure IDP tab.
    Name Provide a name for this client
    Description Provide a description
    Enabled ON
    Consent Required OFF
    Client Protocol SAML
    Include AuthnStatement ON
    Sign Documents ON
    Optimize Redirect signing key lookup OFF
    Sign Assertions ON
    Signature Algorithm RSA_SHA256
    Encrypt Assertion OFF
    Client Signature Required OFF
    Canonicalization Method EXCLUSIVE
    Force Name ID Format ON
    Name ID Format Email
    Root URL Leave empty or Base URL of Service Provider
    Valid Redirect URIs The ACS (Assertion Consumer Service) URL from the step 1 of the plugin under configure IDP tab.
  • Under Fine Grain SAML Endpoint Configuration, configure the following:
  • Assertion Consumer Service POST Binding URL The ACS (Assertion Consumer Service) URL from the step 1 of the plugin under Configure IDP tab.
    Logout Service Redirect Binding URL The Single Logout URL from the step 1 of the plugin under Configure IDP tab.
  • Click on Save.
  • JBoss Keycloak SSO-1

 Add Mappers

  • Add the following attributes in the Mappers tab.
  • Click on Add Built-in and add the following option.
  • JBoss Keycloak SSO-2

miniorange img Download setup file

  • In the Installation Tab, choose SAML Metadata SPSSODescriptor as Format option.
  • Download it and keep it handy. It will be used to configure the plugin.