Versions Compared

Old Version 4

changes.mady.by.user Mari Fuglem

Saved on

compared with

New Version Current

changes.mady.by.user August Heltne

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

1. Display name

Choose a name for your identity provider. This is the user-facing name, so choose a name your users will recognize. This value can be changed later.

...

2. Select Redirect mode

Select how the user will be redirected to the identity provider. You may configure more redirect modes after completing the setup.

...

3. Prepare IDP

In this step, we will configure Keycloak to work with Kantega SSO. For this, you will need to copy the Reply URL provided. We will use this when setting up Keycloak.

...

Configure Keycloak

Status
colourPurple
titleKeycloakexternal

Info

If you are using SCIM with your provider, make sure to check out the documentation for configuring this before proceeding. It might be that you need to configure this first or at the same time as setting up SAML.

...

  • Set Client Signature Required to Off

  • Paste the Reply URL  into URL into the following fields:

    • Valid Redirect URIs.

    • Master SAML Processing URL.

...

Open the Mappers tab. We are going to add:

  • lastName

  • givenName

  • emailmanaged groups sent via SAML response

...

Create mapper for lastName:

...

Create mapper for givenName:

...

Create mapper for email:

...

Mappers (Managed Groups or Auto create groups)

If you intend to use Managed groups (manage Jira groups from your users' group meberships in Keycloak) or Auto create groups, you also need a mapper for group claims. If not, you can skip this step.

Create mapper for Group claims from identity provider (legacy, pre-5.3):

...

Go back to the Kantega SSO setup wizard, step 3 Metadata.

...

4. Metadata

Provide the metadata URL (recommended):

https://<keycloak.example.com><keycloak server>/auth/realms/<http://example.com >/<realm>/protocol/saml/descriptor

  • Substitute <keycloak .example.comserver> with the DNS of your Keycloak server.

  • Substitute the realm identifier <http://example.com > <realm> with your realm.

Alternatively, you can download the metadata file to disk and upload it in the KSSO wizard.

...

...

5. Redirect URL

The Redirect URL is imported automatically from the metadata.

...

...

6. Certificate

This step shows the certificate used to validate the SAML messages.

...

...

7. Summary

Confirm Check that everything looks good .

...

and submit your setup (smile)

...

Test

Test that logging in with Keycloak works as expected. This will help identify if there are any issues with the configuration. Follow the steps to perform the login test.

...