Versions Compared

Old Version 35

changes.mady.by.user Justin

Saved on

compared with

New Version 36

changes.mady.by.user Justin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. In your Keycloak Admin Console, go to myrealm, create a new client.



  2. For Client Type, select SAML.
    For Client ID, paste in the Entity ID value you've copied earlier from the SAML Directory Manager plugin.



    Click "Next".

    For Valid Redirect URIs, paste in the base URL of your Joget instance.
    For both  



  3. Save the client configuration.

  4. Next, we'll still need to modify more configurations for our newly created client.
    Edit the client configuration.



    Then, refer to this table below to ensure the remaining config values are correct.

    "Settings" tab

    General
    Settings
    settings
    Client ID

    (Paste in the Entity ID copied from the SAML Directory Manager plugin)

    Example:

    http://localhost:8080/jw/web/json/plugin/org.joget.plugin.saml.SamlDirectoryManager/service

    Name--
    blank
    OPTIONAL--

    Description

    		--
    blank
    OPTIONAL--

    Always display in UI

    		Off

    Access

    Settings

    settings

    Root URL

    		--blank--

    Home URL

    		--blank--

    Valid redirect URIs

    (Base URL of your Joget instance)

    Example: http://localhost:8080/jw

    Valid post logout redirect URIs

    		--blank--

    IDP-Initiated SSO URL name

    (Paste in the ACS URL copied from the SAML Directory Manager plugin)

    Example:

    http://localhost:8080/jw/web/json/plugin/org.joget.plugin.saml.SamlDirectoryManager/service

    IDP Initiated SSO Relay State

    		--blank--

    Master SAML Processing URL

    (Paste in the ACS URL copied from the SAML Directory Manager plugin)

    Example:

    http://localhost:8080/jw/web/json/plugin/org.joget.plugin.saml.SamlDirectoryManager/service

    SAML

    Capabilities

    capabilities

    Name ID format

    username

    Force name ID format

    On

    Force POST binding

    Off

    Force artifact binding

    Off

    Include AuthnStatement

    On

    Include OneTimeUse Condition

    Off

    Optimize REDIRECT signing key lookup

    Off

    Allow ECP flow

    Off

    Signature and Encryption

    Sign documents

    Off

    Sign assertions

    On

    Signature algorithm

    RSA_SHA256

    SAML signature key name

    CERT_SUBJECT

    Canonicalization method

    EXCLUSIVE

    Login

    Settings

    settings

    Login theme

    --

    blank

    OPTIONAL--

    Consent required

    Off

    Display client on screen

    Off

    Consent screen text

    --blank--

    Logout

    Settings

    settings

    Front channel logout

    Off

...

  1. "Keys" tab

    Signing keys config
    Client Signature RequiredOff
    Encryption keys config
    Encrypt assertionsOff

    "Roles" tab

    Default. No change.

    "Sessions" tab

    Default. No change.

    "Advanced" tab

    Default. No change.



  2.  

 

Description: Optional 

Enabled: ON

Consent Required: OFF

Login Theme: Optional 

Client Protocol: SAML

Include AuthnStatement: ON

Include OneTimeUse Condition : OFF

Sign Documents: OFF

Sign Assertions: ON

Signature Algorithm: RSA_SHA256

SAML Signature Key Name: CERT_SUBJECT

Canonicalization Method: EXCLUSIVE

Encrypt Assertions: OFF

Client Signature Required: OFF

Force POST Binding: OFF

Front Channel Logout: OFF

Force Name ID Format: ON

Name ID Format: username

Root URL: EMPTY

Valid Redirect URIs: https://joget-Server-URL/jw 

Base URL: EMPTY

Master SAML Processing URL:   SAML JOGET API URL 

IDP Initiated SSO URL Name:  SAML JOGET API URL

To test configuration, you can copy the target IDP initiated SSO URL and paste it in incognito mode of browser and login to keycloak, If all is good you will be redirected to Joget home page with login.

...