Configuring Keycloak
Keycloak is an open source identity and access management technology that integrates with applications in the cloud, on-premises, or on a mobile device. This documentation describes how to configure a single sign-on integration between Keycloak as the Identity Provider (IdP) and the Single Sign-On Service (SSO) for HackEDU as the Service Provider (SP).
All SSO communication takes place over TLS/SSL.
Configuring JBoss Keycloak as IdP
In your Keycloak admin console, select the realm that you want to use.
From the left menu, select Clients.
Create a new client/application. Configure the following:
- Client ID: urn:amazon:cognito:sp:us-east-1_CHi5tsM8X
- Name: HackEDU
- Description: HackEDU Secure Development Training
- Enabled: ON
- Client Protocol: SAML
- Include AuthnStatement: ON
- Sign Documents: ON
- Sign Assertions: ON
- Signature Algorithm: RSA_SHA256
- Canonicalization Method: EXCLUSIVE
- Force Name ID Format: ON
- Name ID Format: Email
- Root URL: https://auth.hackedu.com/saml2/idpresponse
- Valid Redirect URIs: https://app.hackedu.com/*
Click on Save.
Automatically Sync Teams to HackEDU (optional)
If you want to automatically sync Teams from your SSO provider to HackEDU, follow these instructions.
Upload HackEDU Metadata File
Export a metadata.xml file from your Keycloak client. From the Installation tab, choose the SAML Metadata IDPSSODescriptor format option and download your file.
Additional Resources
Additional instructions can be found in Keycloak's Documentation.