Setup Jboss Keyclock as Identity Provider

Setup Jboss Keyclock as Identity Provider

Follow the steps below to configure Jboss Keyclock as an Identity Provider

Step 1:

  • In your Keycloak admin console, select the realm that you want to use.
  • Click on the Clients from the left nav bar.
  • Create a new client/application.
  • Configure the following:
Client ID The SP-EntityID / Issuer from the step 1 of the plugin under Configure IDP tab.
Name Provide a name for this client
Description Provide a description
Enabled ON
Consent Required OFF
Client Protocol SAML
Include AuthnStatement ON
Sign Documents ON
Optimize Redirect signing key lookup OFF
Sign Assertions ON
Signature Algorithm RSA_SHA256
Encrypt Assertion OFF
Client Signature Required OFF
Canonicalization Method EXCLUSIVE
Force Name ID Format ON
Name ID Format Email
Root URL Leave empty or Base URL of Service Provider
Valid Redirect URIs The ACS (Assertion Consumer Service) URL from the step 1 of the plugin under configure IDP tab.
  • Under Fine Grain SAML Endpoint Configuration, configure the following:
Assertion Consumer Service POST Binding URL The ACS (Assertion Consumer Service) URL from the step 1 of the plugin under Configure IDP tab.
Logout Service Redirect Binding URL The Single Logout URL from the step 1 of the plugin under Configure IDP tab.
  • Click on Save.

SAML Settings - JBoss Keycloak SSO

Step 2:

  • Add the following attributes in the Mappers tab.
  • Click on Add Built-in and add the following option.

Attribute Mapper - JBoss Keycloak SSO

Step 3:

  • In the Installation Tab, choose SAML Metadata IDPSSODescriptor as Format option.
  • Download it and keep it handy. It will be used to configure the plugin.