1. Display name
Choose a name for your identity provider. This is the user-facing name, so choose a name your users will recognize. This value can be changed later.
...
2. Select Redirect mode
Select how the user will be redirected to the identity provider. You may configure more redirect modes after completing the setup.
...
3. Prepare IDP
In this step, we will configure Keycloak to work with Kantega SSO. For this, you will need to copy the Reply URL provided. We will use this when setting up Keycloak.
...
Configure Keycloak
Info: If you are using SCIM with your provider, make sure to check out the documentation for configuring this before proceeding. It might be that you need to configure this first or at the same time as setting up SAML.
...
Set Client Signature Required to Off
Paste the Reply URL into the following fields:
Valid Redirect URIs.
Master SAML Processing URL.
...
Open the Mappers tab. We are going to add:
lastName
givenName
email
managed groups sent via SAML response
...
Create mapper for lastName:
...
Create mapper for givenName:
...
Create mapper for email:
...
Mappers (Managed Groups or Auto create groups)
If you intend to use Managed groups (manage Jira groups from your users' group memberships in Keycloak) or Auto create groups, you also need a mapper for group claims. If not, you can skip this step.
Create mapper for Group claims from identity provider (legacy, pre-5.3):
Set Name and Friendly Name to Group
Set Group attribute name to http://schemas.xmlsoap.org/claims/Group
Set Full group path to OFF
...
Go back to the Kantega SSO setup wizard, step 3 Metadata.
...
4. Metadata
Provide the metadata URL (recommended):
https://<keycloak server>/auth/realms/<realm>/protocol/saml/descriptor
Substitute <keycloak server> with the DNS name of your Keycloak server.
Substitute the realm identifier <realm> with your realm.
Alternatively, you can download the metadata file to disk and upload it in the KSSO wizard.
...
...
5. Redirect URL
The Redirect URL is imported automatically from the metadata.
...
...
6. Certificate
This step shows the certificate used to validate the SAML messages.
...
...
7. Summary
Check that everything looks good
...
and submit your setup
...
Test
Test that logging in with Keycloak works as expected. This will help identify if there are any issues with the configuration. Follow the steps to perform the login test.
...