Need Help? We are right here!
Configure Keycloak as IDP to Single Sign-On (SSO) into multiple applications using Keycloak as SAML IDP (Identity Provider). In this case miniOrange will act as a identity broker between your app (SP) and Keycloak (IDP) while providing additional features like MFA, Adaptive Authentication, Provisioning, Role Based access, Attribute Filtering, Cross Protocol Support etc. Follow the step-by-step guide below to set up Keycloak as SAML Identity Provider in miniOrange. Once configured successfully you will be ready to securely access your website/application using Keycloak IDP with only one set of credentials.
miniOrange offers free help through a consultation call with our System Engineers to configure SSO for different apps using Keycloak as IDP in your environment with 30-day free trial.
For this, you need to just send us an email at email@example.com to book a slot and we'll help you in no time.
Mentioned below are steps to configure Keycloak as IDP via SAML and OAuth configuration. Follow the steps accordingly based on your requirement (SAML or OAuth).
|EntityID / Issuer
|The SP-EntityID / Issuer from the plugin's Service Provider Metadata tab
|Provide a name for this client
|Provide a description
|Client Signature Required
|Force POST Binding
|Force NameID format
|Leave empty or Provide Base URL from Service Provider Metadata tab
|Valid Redirect URIs
|The ACS (Assertion Consumer Service) URL from the plugin's Service Provider Metadata tab
|Assertion Consumer Service POST Binding URL
|Logout Service Redirect Binding URL
|Single Logout Url
NOTE : Disabling Temporary will make user password permanent.
Note: -- If full path is on group path will be fetched else group name will be fetched.
Follow the steps to configure Keycloak as IdP by OAuth configuration.
|IdP Display Name
|Choose appropriate Name
|OAuth Authorize Endpoint
|OAuth Access Token Endpoint
|OAuth Get User Info Endpoint (optional)
|From step 1
|From step 1
If you have already configured your application in miniOrange you can skip the following steps.
|Service Provider Name
|Choose appropriate name according to your choice
|SP Entity ID or Issuer
|Your Application Entity ID
|ACS URL X.509 Certificate (optional)
|Your Application Assertion Consumer Service URL
|Add appropriate Name
|Get the Redirect-URL from your OAuth Client
|Add if required
|As per your Choice
Note: Choose the Authorization Endpoint according to the identity source you configure.
In case you are setting up SSO with Mobile Applications where you can't create an endpoint for Redirect or Callback URL, use below URL.