Choose a name for your identity provider. This is the user-facing name, so choose a name your users will recognize. This value can be changed later.
Copy the Callback URL. You will need this when configuring Keycloak.
If you are using SCIM with your provider, make sure to check out the documentation for configuring this before proceeding. It might be that you need to configure this first or at the same time as setting up OIDC.
Sign in to the Keycloak admin console.
Select the correct realm (we are using example.com) and then select Create client.
In the Client ID field, give the client a unique name.
Select openid-connect as the Client Protocol.
Insert the base URL of your Atlassian application in the Root URL field (in the example below, we have a Jira instance available at jira-test.example.com).
Save the new client.
Give the client a name (in the example below we call it “My Jira”), and set the Access Type to confidential. You can also paste the callback URL from the Kantega SSO wizard into “Valid Redirect URIs” to make the set of allowed redirect URIs more strict.
Save changes.
If you intend to use Managed groups (manage your users' group memberships in Keycloak) or Auto create groups, you also need a mapper for group claims. If not, you can skip this step.
Create mapper for:
Set Name and Friendly Name to Group
Set Group attribute name to “Groups”
Set Full group path to OFF
Go back to the Kantega SSO setup wizard, step 3 Metadata.
Copy the client ID from the Settings tab and the client secret from the Credentials tab, then go back to the Kantega SSO setup wizard, step 5 Credentials.
Complete the discovery URL by inserting the host URL and realm name.
These are the scopes we were able to fetch from the metadata. You can add scope values from a list, start typing to add your own or unselect them. A minimum of one scope value is required.
In this step, we will insert client credentials from Keycloak. The client ID is found in the Settings tab, while the secret is found in the Credentials tab in Keycloak.
Paste these values into the respective fields.
Confirm that everything looks good and submit your setup.
Test that logging in with Keycloak works as expected. This will help identify if there are any issues with the configuration. Follow the steps to perform the login test.
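
The following is an added example, not part of Kantega's or Keycloak's own documentation. It audits an exported Keycloak client against the settings described above: openid-connect protocol, confidential access type, the callback URL as the only valid redirect URI, and a group mapper with Full group path set to OFF. It assumes the field names of Keycloak's client export JSON; the client values and the callback path are constructed placeholders.

```python
import json

# Constructed sample: a client as exported from the Keycloak admin console.
# The callback path is a placeholder; use the URL copied from the wizard.
CALLBACK = "https://jira-test.example.com/CALLBACK-PATH-FROM-WIZARD"
SAMPLE_EXPORT = json.dumps({
    "clientId": "my-jira",
    "protocol": "openid-connect",
    "publicClient": True,                                  # weak: public
    "redirectUris": ["https://jira-test.example.com/*"],   # weak: wildcard
    "protocolMappers": [{
        "name": "Group",
        "protocolMapper": "oidc-group-membership-mapper",
        "config": {"full.path": "true"},                   # weak: full path
    }],
})


def audit_client(export_json, callback_url, need_groups=True):
    """Return a list of findings; an empty list means the client matches."""
    client = json.loads(export_json)
    findings = []
    if client.get("protocol") != "openid-connect":
        findings.append("protocol is not openid-connect")
    if client.get("publicClient", False):
        findings.append("access type is public, expected confidential")
    uris = client.get("redirectUris", [])
    if callback_url not in uris:
        findings.append("callback URL missing from Valid Redirect URIs")
    for uri in uris:
        if "*" in uri:
            findings.append(f"wildcard redirect URI: {uri}")
        elif uri != callback_url:
            findings.append(f"extra redirect URI: {uri}")
    if need_groups:  # only for Managed groups / Auto create groups
        mappers = [m for m in client.get("protocolMappers", [])
                   if m.get("protocolMapper") == "oidc-group-membership-mapper"]
        if not mappers:
            findings.append("no group membership mapper")
        for m in mappers:
            if m.get("config", {}).get("full.path", "true") != "false":
                findings.append("group mapper sends full group path")
    return findings


if __name__ == "__main__":
    for finding in audit_client(SAMPLE_EXPORT, CALLBACK):
        print("FINDING:", finding)
```

Pass need_groups=False if you skipped the group mapper step.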