Configuring Keycloak

Keycloak is an open source identity and access management technology that integrates with applications in the cloud, on-premises, or on a mobile device. This documentation describes how to configure a single sign-on integration between Keycloak as the Identity Provider (IdP) and the Single Sign-On Service (SSO) for HackEDU as the Service Provider (SP).

All SSO communication takes place over TLS/SSL.

Configuring JBoss Keycloak as IdP

In your Keycloak admin console, select the realm that you want to use.

From the left menu, select Clients.

Create a new client/application. Configure the following:

  • Client ID: urn:amazon:cognito:sp:us-east-1_CHi5tsM8X

  • Name: HackEDU 

  • Description: HackEDU Secure Development Training 

  • Enabled: ON

  • Client Protocol: SAML

  • Include AuthnStatement: ON

  • Sign Documents: ON

  • Sign Assertions: ON

  • Signature Algorithm: RSA_SHA256

  • Canonicalization Method: EXCLUSIVE 

  • Force Name ID Format: ON

  • Name ID Format: Email 

  • Root URL: 

  • Valid Redirect URIs:* 

Click on Save.

Automatically Sync Teams to HackEDU (optional)

If you want to automatically sync Teams from your SSO provider to HackEDU, follow these instructions.

Upload HackEDU Metadata File

Export a metadata.xml file from your Keycloak client. From the Installation tab, choose the SAML Metadata IDPSSODescriptor format option and download your file.

You can follow the instructions on this page to upload your Metadata File in the HackEDU Admin Dashboard.
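
An added example, not part of the original article or of HackEDU's or Keycloak's own tooling: a pre-upload sanity check of the exported metadata.xml that confirms it publishes a signing certificate, advertises the Email Name ID format, and lists only HTTPS endpoints. The function name, the choice of checks, and the sample metadata (host idp.example.test, realm demo, placeholder certificate) are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_idp_metadata(xml_text):
    """Return a list of problems found in an exported IDPSSODescriptor."""
    root = ET.fromstring(xml_text)
    # The descriptor may be the document root or nested in an EntityDescriptor.
    if root.tag == "{%s}IDPSSODescriptor" % NS["md"]:
        idp = root
    else:
        idp = root.find(".//md:IDPSSODescriptor", NS)
    if idp is None:
        return ["no IDPSSODescriptor element found"]
    problems = []
    # A KeyDescriptor with no "use" attribute serves signing and encryption.
    signing = [kd for kd in idp.findall("md:KeyDescriptor", NS)
               if kd.get("use") in (None, "signing")
               and kd.findtext(".//ds:X509Certificate", "", NS).strip()]
    if not signing:
        problems.append("no signing certificate published")
    formats = [(e.text or "").strip() for e in idp.findall("md:NameIDFormat", NS)]
    if EMAIL_FORMAT not in formats:
        problems.append("Email Name ID format not advertised")
    sso = idp.findall("md:SingleSignOnService", NS)
    if not sso:
        problems.append("no SingleSignOnService endpoint")
    for ep in sso + idp.findall("md:SingleLogoutService", NS):
        if urlparse(ep.get("Location", "")).scheme != "https":
            problems.append("non-TLS endpoint: %s" % ep.get("Location"))
    return problems

# Constructed sample metadata (hypothetical host, placeholder certificate).
GOOD_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.test/realms/demo">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data><X509Certificate>CONSTRUCTED-PLACEHOLDER</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example.test/realms/demo/protocol/saml"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""
# Same document with a plain-HTTP endpoint and no Email Name ID format.
BAD_METADATA = (GOOD_METADATA.replace('Location="https://', 'Location="http://')
                .replace(EMAIL_FORMAT, "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"))

if __name__ == "__main__":
    for name, doc in (("good", GOOD_METADATA), ("bad", BAD_METADATA)):
        print(name, check_idp_metadata(doc) or "OK")
```

To check a real export, read the downloaded file and pass its text to check_idp_metadata; an empty list means none of these checks failed.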

Additional Resources

Additional instructions can be found in Keycloak's Documentation.
