Keycloak
Configure Keycloak as an Identity Provider for CISO Assistant
© intuitem, 2018-2024
If Keycloak and CISO Assistant are both deployed locally with Docker, make sure that the two containers can communicate with each other. You can do this with a bridge network.
Go into your Keycloak admin console
Open the sidebar menu, go to Clients and click Create client
Choose the SAML client type and name it ciso-assistant, or use your custom SP Entity ID
Set the Home URL to your <base_url> and Valid redirect URIs to <backend_url/*>
If you have trouble configuring these URLs, you can ask for help on Discord or by emailing us
Go to Keys and disable Signing keys config
Go to Advanced and set the ACS field to <backend_url/api/accounts/saml/0/acs/> (on a cloud instance it is simply <base_url/api/accounts/saml/0/acs/>)
Go to Client scopes and click on ciso-assistant-dedicated
Add a predefined mapper and check all the X500 ones
Click on X500 surname and replace the SAML Attribute name with http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
Click on X500 givenName and replace the SAML Attribute name with http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
Go to Realm settings > General, where you will find the Metadata URL
You'll find the Entity ID inside the metadata served at that URL
Adding a user in your application doesn't automatically create the user in CISO Assistant
You can now configure CISO Assistant with the 3 parameters you've retrieved.