Versions Compared

Old Version 14

changes.mady.by.user Justin

Saved on

compared with

New Version 15

changes.mady.by.user Justin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

English

Introduction

Keycloak is an open source identity and access management platform, and it provides support for standard protocols like OpenID Connect, OAuth 2.0, and SAML.

In this tutorial, SAML will be used in Keycloak to enable Single Sign-On (SSO) capability with Joget.

The SAML Directory Manager Plugin is available in the Joget Marketplace.
The plugin's source code is also available in JogetOSS Github. Projects under JogetOSS are community-driven and community-supported, and you are welcome to contribute to the projects.

Note

This tutorial serves only as a general guide, using minimal-required configurations on Keycloak to enable SSO via SAML protocol with Joget.

To use Keycloak in a production environment, please see Configuring Keycloak for production or other relevant Keycloak guides.


Tutorial Steps

1. Keycloak Installation

To quickly get started on Keycloak and for ease of testing, we recommend installing Keycloak via Docker.
Do follow the guide until the part where you have successfully created a sample user in Keycloak & verify by logging in with this new user credentials in the Keycloak Account Console.

Note
titleImportant Note

Since the default bundled Tomcat server hosting the Joget platform operates on port 8080 by default, do ensure the deployed Keycloak container does not clash with the same host port.

For example, you can map Keycloak container to expose on host port 8500 or any other non-clashing port instead. 


2. Plugin Installation

Joget allows integration with any platform using SAML with help of SAML plugin which can be downloaded from the marketplace. Download the plugin and install the plugin in the manage plugins section.

https://marketplace.joget.org/jw/web/userview/mp/mpp/_/vad?id=wflow-saml-v5

Once you install the plugin, You need to whitelist the external API call so SAML API can be accessed from the end-users browser.

3. Plugin Configuration

Once you install the plugin you can enable the directory manager configuration to use SAML authentication. 

...

Configure other settings as per your industry requirements. 

4. KeyCloak Configuration

Creating a client in Keycloak will enable the SSO from the keycloak application. 

...

Name ID Format: username

Root URL: EMPTY

 Valid Valid Redirect URIs: https://joget-Server-URL/jw 

...

Mapping Name

SAML Attribute Name

X500 surname

User.LastName

X500 givenName

User.FirstName

X500 email

email

 

Optional Modifications

To allow end users to SSO via Keycloak with a convenient button in your Joget login page, you can use the sample code snippet below.

Edit the App Center app, navigate to UI builder -> Settings -> Login Page UI --> Custom HTML (After Login Form), then paste in the code snippet below.

...