Keycloak is an open source identity and access management technology that integrates with applications in the cloud, on-premises, or on a mobile device. This documentation describes how to configure a single sign-on integration between Keycloak as the Identity Provider (IdP) and the Single Sign-On Service (SSO) for HackEDU as the Service Provider (SP).
All SSO communication takes place over TLS/SSL.
Configuring Keycloak as IdP
In your Keycloak admin console, select the realm that you want to use.
From left menu, select Clients.
Create a new client/application. Configure the following:
HackEDU Secure Development Training
Include OneTimeUse Condition:
Force Artifact Binding:
Optimize REDIRECT signing key lookup:
SAML Signature Key Name:
Client Signature Required:
Force POST Binding:
Front Channel Logout:
Force Name ID Format:
Name ID Format:
Valid Redirect URIs:
Click on Save.
Screenshot of these settings:
Automatically Sync Teams to HackEDU (optional)
If you want to automatically sync Teams from your SSO provider to HackEDU, follow these instructions.
Upload HackEDU Metadata File
Export a metadata.xml file from your Keycloak client. From the Installation tab, choose the SAML Metadata IDPSSODescriptor format option and download your file.
Additional instructions can be found in KeyCloak's Documentation.