
Introduction

Keycloak is an open source identity and access management platform, and it provides support for standard protocols like OpenID Connect, OAuth 2.0, and SAML.

...

4. Keycloak Configuration

Creating a SAML client in Keycloak is what allows Joget to delegate its login to Keycloak (SSO). The client represents your Joget instance as a SAML service provider, so the values entered here must match what the SAML Directory Manager plugin in Joget reports (its Entity ID and ACS URL).

Open the Keycloak Admin Console -> Clients -> Create

...

  1. In your Keycloak Admin Console, switch to the realm used for Joget (myrealm in this guide) and create a new client.

  2. For Client Type, select SAML.
    For Client ID, paste in the Entity ID value you copied earlier from the SAML Directory Manager plugin. Keycloak matches incoming SAML requests to the client by this value (the Issuer sent by Joget), so it must be identical, including scheme, host, port and path.

    Click "Next".

    For Valid Redirect URIs, paste in the base URL of your Joget instance.
    For both  

  3. Save the client configuration.

  4. Several more settings on the newly created client still need to be changed.
    Edit the client configuration.

    Then refer to the table below to ensure the remaining configuration values are correct.

    "Settings" tab

    General Settings
      Client ID: (paste in the Entity ID copied from the SAML Directory Manager plugin)
        Example: http://localhost:8080/jw/web/json/plugin/org.joget.plugin.saml.SamlDirectoryManager/service
      Name: --blank--
      Description: --blank--
      Always display in UI: Off

    Access Settings
      Root URL: --blank--
      Home URL: --blank--
      Valid redirect URIs: (base URL of your Joget instance)
        Example: http://localhost:8080/jw
      Valid post logout redirect URIs: --blank--
      IDP-Initiated SSO URL name: (paste in the ACS URL copied from the SAML Directory Manager plugin)
        Example: http://localhost:8080/jw/web/json/plugin/org.joget.plugin.saml.SamlDirectoryManager/service
      IDP Initiated SSO Relay State: --blank--
      Master SAML Processing URL: (paste in the ACS URL copied from the SAML Directory Manager plugin)
        Example: http://localhost:8080/jw/web/json/plugin/org.joget.plugin.saml.SamlDirectoryManager/service

    SAML Capabilities
      Name ID format: username
      Force name ID format: On
      Force POST binding: Off
      Force artifact binding: Off
      Include AuthnStatement: On
      Include OneTimeUse Condition: Off
      Optimize REDIRECT signing key lookup: Off
      Allow ECP flow: Off

    Signature and Encryption
      Sign documents: Off
      Sign assertions: On
      Signature algorithm: RSA_SHA256
      SAML signature key name: CERT_SUBJECT
      Canonicalization method: EXCLUSIVE

    Login Settings
      Login theme: --blank--
      Consent required: Off
      Display client on screen: Off
      Consent screen text: --blank--

    Logout Settings
      Front channel logout: Off
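The same client can be created without clicking through the console by importing a client representation (Clients -> Import client in the Admin Console, or `kcadm.sh create clients -r myrealm -f client.json`). The script below is an added example and is not part of the Joget documentation or of Keycloak itself: it builds a representation carrying the values from the table above and then runs a small review check over it, flagging the things a practitioner would want to catch before this client reaches production (the http:// localhost examples above are for local testing; a production client needs https endpoints, no wildcard redirect URIs, and at least one of document or assertion signing enabled). The attribute key names follow what Keycloak writes into a client export; treat them as an assumption and verify them against an export from your own Keycloak version. The URLs are constructed sample values.

```python
"""Build and review a Keycloak SAML client representation for Joget.

Added example, not code from the Joget documentation or the Keycloak project.
Attribute key names mirror a Keycloak client export (Clients -> client ->
Action -> Export); they are an assumption here and should be checked
against an export from your own Keycloak version.
"""
import json
from urllib.parse import urlparse

# Constructed sample values from the table above; replace them with the
# Entity ID / ACS URL shown by the SAML Directory Manager plugin and the
# base URL of your Joget instance.
ENTITY_ID = ("http://localhost:8080/jw/web/json/plugin/"
             "org.joget.plugin.saml.SamlDirectoryManager/service")
ACS_URL = ENTITY_ID          # the plugin uses one service URL for both
JOGET_BASE_URL = "http://localhost:8080/jw"


def build_joget_saml_client(entity_id: str, acs_url: str, base_url: str) -> dict:
    """Return a client representation matching the settings table."""
    return {
        "clientId": entity_id,                # Client ID = Entity ID
        "protocol": "saml",
        "enabled": True,
        "alwaysDisplayInConsole": False,      # Always display in UI: Off
        "rootUrl": "",
        "baseUrl": "",                        # Home URL: blank
        "adminUrl": acs_url,                  # Master SAML Processing URL
        "redirectUris": [base_url],           # Valid redirect URIs
        "consentRequired": False,
        "frontchannelLogout": False,
        "attributes": {
            "saml_idp_initiated_sso_url_name": acs_url,
            "saml_idp_initiated_sso_relay_state": "",
            "saml_name_id_format": "username",
            "saml_force_name_id_format": "true",
            "saml.force.post.binding": "false",
            "saml.artifact.binding": "false",
            "saml.authnstatement": "true",
            "saml.onetimeuse.condition": "false",
            "saml.server.signature.keyinfo.ext": "false",   # Optimize REDIRECT key lookup
            "saml.allow.ecp.flow": "false",
            "saml.server.signature": "false",               # Sign documents: Off
            "saml.assertion.signature": "true",             # Sign assertions: On
            "saml.signature.algorithm": "RSA_SHA256",
            "saml.server.signature.keyinfo.xmlSigKeyInfoKeyNameTransformer": "CERT_SUBJECT",
            "saml_signature_canonicalization_method": "http://www.w3.org/2001/10/xml-exc-c14n#",
            "display.on.consent.screen": "false",
        },
    }


def lint_saml_client(client: dict) -> list[str]:
    """Return review findings for settings that are unsafe outside local testing."""
    findings = []
    attrs = client.get("attributes", {})
    redirect_uris = list(client.get("redirectUris", []))
    endpoints = redirect_uris + [client.get("adminUrl", ""),
                                 attrs.get("saml_idp_initiated_sso_url_name", "")]
    # SAML responses (and the signed assertion inside them) are posted to these
    # URLs by the browser; over plain http they are readable on the wire.
    for url in endpoints:
        if url and urlparse(url).scheme != "https":
            findings.append(f"non-HTTPS endpoint: {url}")
    # A wildcard lets an attacker pick where the SAML response is delivered.
    for url in redirect_uris:
        if "*" in url:
            findings.append(f"wildcard redirect URI: {url}")
    # With neither signature, the SP has nothing to verify the response against.
    if (attrs.get("saml.assertion.signature") != "true"
            and attrs.get("saml.server.signature") != "true"):
        findings.append("neither assertions nor documents are signed")
    if attrs.get("saml.signature.algorithm", "").upper().endswith("SHA1"):
        findings.append("SHA-1 signature algorithm in use")
    return findings


if __name__ == "__main__":
    client = build_joget_saml_client(ENTITY_ID, ACS_URL, JOGET_BASE_URL)
    print(json.dumps(client, indent=2))       # save as client.json for import
    for finding in lint_saml_client(client):
        print("REVIEW:", finding)
```

Running the script as-is prints the representation for the localhost example and three review findings, one for each http:// endpoint; pointing the same three values at an https Joget deployment produces a clean report.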




Please use the following configurations:

Client ID: the Entity ID (the SAML Directory Manager plugin's service URL) copied from the plugin in Joget
Name: optional

...