Keycloak is an open source identity and access management technology that integrates with applications in the cloud, on-premises, or on a mobile device. This documentation describes how to configure a single sign-on integration between Keycloak as the Identity Provider (IdP) and the Single Sign-On Service (SSO) for HackEDU as the Service Provider (SP).
All SSO communication takes place over TLS/SSL.
Configuring JBoss Keycloak as IdP
In your Keycloak admin console, select the realm that you want to use.
From the left menu, select Clients.
Create a new client/application. Configure the following:
- Client ID: HackEDU Secure Development Training
- Client Protocol:
- Include AuthnStatement:
- Sign Documents:
- Sign Assertions:
- Signature Algorithm:
- Canonicalization Method:
- Force Name ID Format:
- Name ID Format:
- Root URL:
- Valid Redirect URIs:
Click on Save.
Automatically Sync Teams to HackEDU (optional)
If you want to automatically sync Teams from your SSO provider to HackEDU, follow these instructions.
Upload HackEDU Metadata File
Export a metadata.xml file from your Keycloak client. From the Installation tab, choose the SAML Metadata IDPSSODescriptor format option and download your file.
Additional instructions can be found in Keycloak's documentation.
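A sanity check to run on the exported metadata.xml before uploading it, as an added example that is not part of the HackEDU or Keycloak documentation: it confirms the file contains an IDPSSODescriptor, carries a signing certificate, and that every SSO/logout endpoint uses HTTPS, in line with the statement that all SSO communication takes place over TLS/SSL. The function name, sample metadata, host name and certificate value are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample export; the host and certificate value are placeholders.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/realms/demo">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Q09OU1RSVUNURUQ=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/realms/demo/protocol/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def check_idp_metadata(xml_text):
    """Return a list of problems in an IDPSSODescriptor export (empty list = OK)."""
    # stdlib parser is fine for a file you exported yourself; use defusedxml for untrusted XML
    root = ET.fromstring(xml_text)
    # The descriptor may be nested (e.g. inside md:EntitiesDescriptor), so search the whole tree.
    idp = next(root.iter("{%s}IDPSSODescriptor" % MD), None)
    if idp is None:
        return ["no IDPSSODescriptor element: wrong export format?"]
    problems = []
    # A KeyDescriptor with no 'use' attribute applies to signing as well as encryption.
    certs = [
        kd.findtext(".//ds:X509Certificate", default="", namespaces=NS).strip()
        for kd in idp.findall("md:KeyDescriptor", NS)
        if kd.get("use", "signing") == "signing"
    ]
    if not any(certs):
        problems.append("no signing certificate in KeyDescriptor")
    endpoints = idp.findall("md:SingleSignOnService", NS)
    if not endpoints:
        problems.append("no SingleSignOnService endpoint")
    # Every advertised endpoint must be reachable over TLS only.
    for ep in endpoints + idp.findall("md:SingleLogoutService", NS):
        loc = ep.get("Location", "")
        if urlparse(loc).scheme != "https":
            problems.append("non-TLS endpoint: %s" % loc)
    return problems

if __name__ == "__main__":
    print(check_idp_metadata(SAMPLE) or "metadata looks sane")
```

To check a real export, pass the file's contents, for example `check_idp_metadata(open("metadata.xml").read())`.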