Third-party Identity Providers in Keycloak
Table of Contents
Active Directory ADFS
How to configure ADFS as a SAML provider to Keycloak
- Add a new SAML provider: in the Identity Providers menu, pick SAML v2.0 from the Add provider list.
- Start the configuration by giving the provider an alias that is unique within your realm.
- Scroll to the bottom of the page and continue with “Import adfs (ldap) configuration”, either from a URL or from a file. The file is the ADFS federation metadata, which ADFS publishes at https://<adfs-host>/FederationMetadata/2007-06/FederationMetadata.xml.
- Once the import is done, the Single Sign-On Service URL should be pre-filled. Fill in the rest of the fields as in the screenshot below. Make sure Validate Signature is on and that the Validating X509 Certificates field contains the ADFS token-signing certificate from the metadata; without it Keycloak accepts any SAML response that names your realm, whoever signed it.
- Once all fields are filled, save the form, open the ‘Export’ tab and click Download. The downloaded file is Keycloak's SP metadata; import it on the ADFS side as a Relying Party Trust.
Once this is done, the main configuration is complete and the connection should work.
Add attribute mappings
The last step is to map the claims coming from ADFS to Keycloak user attributes. Go to the Mappers tab and create mappings for the firstName and lastName claims, using the built-in Attribute Importer as the Mapper type. The Attribute Name must match the claim URI that ADFS issues exactly; an unmatched claim is silently ignored rather than reported.

| Name | Attribute Name | User Attribute Name |
|---|---|---|
| firstName | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | firstName |
| lastName | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | lastName |
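The same ADFS setup, driven through the Keycloak Admin REST API instead of the console. This is an example added for this page, not code from the Keycloak project or from .Stat Suite; the Keycloak and ADFS hostnames, the realm and alias names, the admin credentials and the certificate placeholder are assumptions, and the real ADFS SSO URL and token-signing certificate must be taken from the federation metadata. It shows the representation the console builds for you (note `validateSignature` and `signingCertificate`), the two Attribute Importer mappers from the table above, and the URL of the SP descriptor that the Export tab downloads for ADFS.

```python
"""Create the ADFS SAML identity provider and its claim mappers via the Keycloak
Admin REST API. Example for this page, not part of Keycloak. All hostnames,
names and credentials below are assumptions."""
import json
import urllib.parse
import urllib.request

KEYCLOAK_URL = "https://keycloak.example.org"       # assumed
REALM = "stat-suite"                                 # assumed realm name
ALIAS = "adfs"                                       # assumed provider alias
ADFS_SSO_URL = "https://adfs.example.org/adfs/ls/"   # assumed; from ADFS metadata
ADFS_SIGNING_CERT = "MIIC...base64-DER..."           # placeholder; ADFS token-signing cert
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"


def saml_idp_representation(alias, sso_url, signing_cert):
    """IdentityProviderRepresentation for a SAML v2.0 provider (providerId 'saml').
    validateSignature + signingCertificate make Keycloak reject responses and
    assertions not signed by ADFS; wantAuthnRequestsSigned signs our requests."""
    return {
        "alias": alias,
        "displayName": "Active Directory ADFS",
        "providerId": "saml",
        "enabled": True,
        "trustEmail": False,   # do not treat an ADFS-supplied e-mail as verified
        "config": {
            "singleSignOnServiceUrl": sso_url,
            "nameIDPolicyFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
            "principalType": "SUBJECT",
            "postBindingResponse": "true",
            "postBindingAuthnRequest": "true",
            "wantAuthnRequestsSigned": "true",
            "wantAssertionsSigned": "true",
            "validateSignature": "true",
            "signingCertificate": signing_cert,
            "syncMode": "IMPORT",
        },
    }


def attribute_importer(alias, name, claim, user_attribute):
    """One 'Attribute Importer' mapper (saml-user-attribute-idp-mapper): copies
    the SAML attribute named `claim` into the given Keycloak user attribute."""
    return {
        "name": name,
        "identityProviderAlias": alias,
        "identityProviderMapper": "saml-user-attribute-idp-mapper",
        "config": {"attribute.name": claim, "user.attribute": user_attribute,
                   "syncMode": "INHERIT"},
    }


def adfs_mappers(alias):
    """The two mappers from the table above (givenname / surname claims)."""
    return [
        attribute_importer(alias, "firstName", CLAIMS + "givenname", "firstName"),
        attribute_importer(alias, "lastName", CLAIMS + "surname", "lastName"),
    ]


def sp_metadata_url(base_url, realm, alias):
    """Keycloak's SP descriptor for this provider (what the Export tab downloads);
    ADFS imports it when creating the Relying Party Trust."""
    return f"{base_url}/realms/{realm}/broker/{alias}/endpoint/descriptor"


def admin_token(base_url, username, password):
    """Password grant on the master realm with the built-in admin-cli client."""
    body = urllib.parse.urlencode({"grant_type": "password", "client_id": "admin-cli",
                                   "username": username, "password": password}).encode()
    url = f"{base_url}/realms/master/protocol/openid-connect/token"
    with urllib.request.urlopen(url, body) as r:
        return json.load(r)["access_token"]


def post_json(url, token, payload):
    req = urllib.request.Request(url, data=json.dumps(payload).encode(), method="POST",
                                 headers={"Authorization": f"Bearer {token}",
                                          "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as r:
        return r.status        # 201 Created on success


def create_adfs_provider(base_url, realm, token, idp, mappers):
    base = f"{base_url}/admin/realms/{realm}/identity-provider/instances"
    post_json(base, token, idp)
    for mapper in mappers:
        post_json(f"{base}/{idp['alias']}/mappers", token, mapper)


if __name__ == "__main__":     # assumed admin credentials
    tok = admin_token(KEYCLOAK_URL, "admin", "change-me")
    idp = saml_idp_representation(ALIAS, ADFS_SSO_URL, ADFS_SIGNING_CERT)
    create_adfs_provider(KEYCLOAK_URL, REALM, tok, idp, adfs_mappers(ALIAS))
    print("Import this SP metadata into ADFS:", sp_metadata_url(KEYCLOAK_URL, REALM, ALIAS))
```

The mapper `syncMode` of `INHERIT` means the mapper follows the provider's own sync mode (`IMPORT` here: attributes are written at first login only). Set the provider to `FORCE` if name changes in AD should overwrite the Keycloak attributes on every login.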
Gitlab
All steps to add a GitLab identity provider to Keycloak, so that users can sign in to .Stat Suite applications with a GitLab account.
- First, go to the Identity Providers left menu item and select GitLab from the Add provider drop-down list. This brings you to the ‘Add identity provider’ page.
- You will need a Client ID and Client Secret from GitLab, obtained by registering an application there with the Redirect URI shown on this page.
Default Scopes: by default Keycloak asks GitLab for the api and openid scopes. Change this to read_user openid: api grants full read/write access to the user's GitLab account through the API, far more than a login needs, whereas read_user only allows reading the user's profile and openid is what yields the ID token.
- In GitLab, go to Preferences and then Applications.
Paste the redirect URI provided by Keycloak exactly as shown and make sure that the read_user and openid scope options are selected. The scopes ticked on the GitLab application must cover the Default Scopes configured in Keycloak, otherwise GitLab rejects the authorization request as an invalid scope.
- Once you save your changes, GitLab shows an Application ID and a Secret. Copy them into Client ID and Client Secret in Keycloak respectively and save.
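The GitLab registration from the steps above, as an example added for this page (not code from Keycloak, GitLab or .Stat Suite). The Keycloak hostname, realm, alias and the application credentials are assumptions. It builds the provider representation the console submits, computes the redirect URI that has to be pasted into the GitLab application, and refuses the over-privileged default `api` scope before anything is sent to the Admin REST API.

```python
"""Register GitLab as a Keycloak identity provider with least-privilege scopes.
Example for this page, not part of Keycloak or GitLab; hostnames, realm,
alias and credentials are assumptions."""
import json
import urllib.request

KEYCLOAK_URL = "https://keycloak.example.org"   # assumed
REALM = "stat-suite"                             # assumed realm name
ALIAS = "gitlab"                                 # assumed provider alias
# All a login needs: read_user for the profile, openid for the ID token.
ALLOWED_SCOPES = {"read_user", "openid"}


def redirect_uri(base_url, realm, alias):
    """The Redirect URI Keycloak shows on the 'Add identity provider' page; it
    must be entered verbatim in the GitLab application's Redirect URI field."""
    return f"{base_url}/realms/{realm}/broker/{alias}/endpoint"


def gitlab_idp_representation(alias, client_id, client_secret, scopes="read_user openid"):
    """IdentityProviderRepresentation for providerId 'gitlab'. Rejects scopes
    beyond ALLOWED_SCOPES (in particular 'api', which grants full read/write
    access to the user's account) and insists on 'openid'."""
    requested = set(scopes.split())
    extra = requested - ALLOWED_SCOPES
    if extra:
        raise ValueError(f"over-privileged GitLab scope(s): {sorted(extra)}")
    if "openid" not in requested:
        raise ValueError("the openid scope is required to obtain an ID token")
    return {
        "alias": alias,
        "displayName": "GitLab",
        "providerId": "gitlab",
        "enabled": True,
        "trustEmail": False,    # GitLab e-mail is not verified by Keycloak itself
        "config": {
            "clientId": client_id,
            "clientSecret": client_secret,
            "defaultScope": scopes,   # must be covered by the GitLab app's scopes
            "syncMode": "IMPORT",
        },
    }


def create_provider(base_url, realm, token, idp):
    """POST the representation to the Admin REST API (expects 201 Created)."""
    url = f"{base_url}/admin/realms/{realm}/identity-provider/instances"
    req = urllib.request.Request(url, data=json.dumps(idp).encode(), method="POST",
                                 headers={"Authorization": f"Bearer {token}",
                                          "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as r:
        return r.status


if __name__ == "__main__":
    print("Redirect URI for the GitLab application:", redirect_uri(KEYCLOAK_URL, REALM, ALIAS))
    # Application ID / Secret copied from GitLab Preferences > Applications (assumed values)
    idp = gitlab_idp_representation(ALIAS, "gitlab-application-id", "gitlab-application-secret")
    # create_provider(KEYCLOAK_URL, REALM, "<admin access token>", idp)
    print(json.dumps(idp, indent=2))
```

The admin access token is obtained the same way as for any Admin REST call (password or client-credentials grant on the master realm); it is deliberately not hard-coded here.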