Configuring Keycloak

Keycloak is an open source identity and access management technology that integrates with applications in the cloud, on-premises, or on a mobile device. This documentation describes how to configure a single sign-on integration between Keycloak as the Identity Provider (IdP) and the Single Sign-On Service (SSO) for HackEDU as the Service Provider (SP).

All SSO communication takes place over TLS/SSL.

Configuring Keycloak as IdP

In your Keycloak admin console, select the realm that you want to use.

From the left menu, select Clients.

Create a new client/application. Configure the following:

  • Client ID: urn:amazon:cognito:sp:us-east-1_CHi5tsM8X

  • Name: HackEDU 

  • Description: HackEDU Secure Development Training 

  • Enabled: ON

  • Consent Required: OFF

  • Client Protocol: saml

  • Include AuthnStatement: ON

  • Include OneTimeUse Condition: OFF

  • Force Artifact Binding: OFF

  • Sign Documents: ON

  • Optimize REDIRECT signing key lookup: OFF

  • Sign Assertions: ON

  • Signature Algorithm: RSA_SHA256

  • SAML Signature Key Name: NONE

  • Canonicalization Method: EXCLUSIVE 

  • Encrypt Assertions: OFF

  • Client Signature Required: OFF

  • Force POST Binding: ON

  • Front Channel Logout: OFF

  • Force Name ID Format: ON

  • Name ID Format: Email 

  • Root URL: https://auth.hackedu.com/saml2/idpresponse

  • Valid Redirect URIs: https://app.hackedu.com/*

Click on Save.
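
To confirm that the saved client still matches the settings listed above, the following added example (not HackEDU's or Keycloak's own code) audits a client that has been exported as JSON from the Keycloak admin console. The export step, the JSON attribute keys, and the sample data are assumptions; verify the keys against an export from your own Keycloak version.

```python
import json

# Expected values come from the settings list on this page. The JSON keys are
# assumed to match a Keycloak client export; confirm against your version.
EXPECTED_TOP = {
    "clientId": "urn:amazon:cognito:sp:us-east-1_CHi5tsM8X",
    "protocol": "saml",
    "enabled": True,
    "consentRequired": False,
    "frontchannelLogout": False,
    "rootUrl": "https://auth.hackedu.com/saml2/idpresponse",
    "redirectUris": ["https://app.hackedu.com/*"],
}
EXPECTED_ATTRS = {
    "saml.authnstatement": "true",
    "saml.onetimeuse.condition": "false",
    "saml.server.signature": "true",       # Sign Documents
    "saml.assertion.signature": "true",    # Sign Assertions
    "saml.signature.algorithm": "RSA_SHA256",
    "saml.encrypt": "false",
    "saml.client.signature": "false",
    "saml.force.post.binding": "true",
    "saml_force_name_id_format": "true",
    "saml_name_id_format": "email",
}

def audit_client(export_json):
    """Return one finding per setting that differs from the documented value."""
    client = json.loads(export_json)
    attrs = client.get("attributes") or {}
    findings = []
    for key, want in EXPECTED_TOP.items():
        if client.get(key) != want:
            findings.append(f"{key}: expected {want!r}, found {client.get(key)!r}")
    for key, want in EXPECTED_ATTRS.items():
        got = attrs.get(key)  # stored as strings; a missing key is also a finding
        if str(got).lower() != want.lower():
            findings.append(f"{key}: expected {want!r}, found {got!r}")
    return findings

# Constructed sample export with three deliberate deviations from the list above.
SAMPLE = {**EXPECTED_TOP, "redirectUris": ["*"], "attributes": {
    **EXPECTED_ATTRS, "saml.assertion.signature": "false",
    "saml.signature.algorithm": "RSA_SHA1"}}

if __name__ == "__main__":
    for finding in audit_client(json.dumps(SAMPLE)):
        print(finding)
```

An empty result means every audited setting matches; the display-only fields (Name, Description) and the key-lookup options are not checked.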


Automatically Sync Teams to HackEDU (optional)

If you want to automatically sync Teams from your SSO provider to HackEDU, follow these instructions.

Upload HackEDU Metadata File

Export a metadata.xml file from your Keycloak client. From the Installation tab, choose the SAML Metadata IDPSSODescriptor format option and download your file.

You can follow the instructions on this page to upload your Metadata File in the HackEDU Admin Dashboard.

Additional Resources

Additional instructions can be found in Keycloak's Documentation.
