Configure Keycloak as an Identity Provider for CISO Assistant
If Keycloak and CISO Assistant are both deployed locally with Docker, make sure the two containers can reach each other over the network. You can do this with a Docker bridge network.
SAML

1. Go into your Keycloak admin console.
2. Open the sidebar menu > Clients and click Create client.
3. Choose the SAML client type and name it ciso-assistant (or use your custom SP Entity ID).
4. Fill the Home URL with your <base_url> and Valid redirect URIs with <backend_url/*>. If you have trouble configuring these URLs, you can ask for help on our support channels or by emailing us.
5. Go into Keys and disable Signing keys config.
6. Go into Advanced and fill the ACS (Assertion Consumer Service) field with <backend_url/api/accounts/saml/0/acs/> (on a cloud instance it is simply <base_url/api/accounts/saml/0/acs/>).
7. Go to Client scopes and click on ciso-assistant-dedicated.
8. Add a predefined mapper and check all the X500 ones.
9. Click on X500 surname and replace the SAML Attribute name with http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
10. Click on X500 givenName and replace the SAML Attribute name with http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
11. Go into Realm settings > General, where you will find the Metadata URL. The metadata document served at that URL contains the Entity ID.
OpenID Connect

1. Go into your Keycloak admin console.
2. Open the sidebar menu > Clients and click Create client.
3. Choose the OpenID Connect client type, give it a Client ID, then click Next.
4. Enable Client authentication, make sure Standard flow is selected, then click Next.
5. Enter your deployment's Root URL, which is the URL of your frontend: set it to <frontend_url>. For cloud deployments, you must set it to <base_url>.
6. Set the Home URL to /
7. Enter your Valid redirect URIs: set it to <backend_url>/api/accounts/oidc/openid_connect/login/callback/. For cloud deployments, you must set it to <base_url>/api/accounts/oidc/openid_connect/login/callback/
8. Once your client is created, you can find its Client secret under the Credentials tab and copy it from there.
9. Go into Realm settings > General to find the OpenID Endpoint Configuration, which you will have to paste into CISO Assistant's Server URL SSO parameter.

You can now configure SSO in CISO Assistant with the parameters you've retrieved. Note that adding a user in Keycloak doesn't automatically create the user in CISO Assistant.
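Before pasting the OpenID Endpoint Configuration into CISO Assistant it is worth checking that the discovery document actually describes what the client above was configured for: an issuer matching the realm URL, the endpoints the authorization code flow needs (Standard flow in Keycloak's terminology), and a Valid redirect URI entry that covers the callback from step 7. The script below is an added example, not code from this page or from CISO Assistant; the discovery document is a constructed sample shaped like Keycloak's, and the trailing-asterisk prefix matching in redirect_uri_allowed is a simplified model of Keycloak's wildcard handling, written here as an assumption.

```python
import json
from urllib.parse import urlsplit

# Constructed sample trimmed to the fields checked below. Keycloak publishes the
# real document at <keycloak_url>/realms/<realm>/.well-known/openid-configuration
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://keycloak.example.test/realms/ciso",
    "authorization_endpoint": "https://keycloak.example.test/realms/ciso/protocol/openid-connect/auth",
    "token_endpoint": "https://keycloak.example.test/realms/ciso/protocol/openid-connect/token",
    "userinfo_endpoint": "https://keycloak.example.test/realms/ciso/protocol/openid-connect/userinfo",
    "jwks_uri": "https://keycloak.example.test/realms/ciso/protocol/openid-connect/certs",
    "response_types_supported": ["code", "none", "id_token", "token", "id_token token"],
    "grant_types_supported": ["authorization_code", "implicit", "refresh_token", "client_credentials"],
})

REQUIRED_KEYS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def oidc_callback_url(backend_url: str) -> str:
    """Callback URL CISO Assistant uses (path taken from step 7 above).
    On a cloud instance, pass the base URL instead of the backend URL."""
    return backend_url.rstrip("/") + "/api/accounts/oidc/openid_connect/login/callback/"


def redirect_uri_allowed(valid_redirect_uris, uri: str) -> bool:
    """Assumed matching model: exact entry, or prefix match when the entry ends in '*'."""
    for pattern in valid_redirect_uris:
        if pattern.endswith("*"):
            if uri.startswith(pattern[:-1]):
                return True
        elif pattern == uri:
            return True
    return False


def check_discovery(doc_json: str, expected_issuer: str, require_https: bool = True) -> list:
    """Return a list of problems found in a discovery document; empty means it looks usable."""
    doc = json.loads(doc_json)
    problems = []
    for key in REQUIRED_KEYS:
        if key not in doc:
            problems.append(f"missing {key}")
    # The issuer must be the realm URL the Server URL parameter will point at;
    # a mismatch means tokens would be issued for a different realm than expected.
    if doc.get("issuer") != expected_issuer.rstrip("/"):
        problems.append("issuer mismatch")
    # Standard flow == authorization code flow, which needs the 'code' response type.
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow not supported")
    if require_https:  # local Docker setups over plain http are expected to trip this
        for key in REQUIRED_KEYS[1:]:
            if key in doc and urlsplit(doc[key]).scheme != "https":
                problems.append(f"{key} is not https")
    return problems


if __name__ == "__main__":
    callback = oidc_callback_url("https://ciso.example.test")
    print("callback:", callback)
    print("covered by client config:", redirect_uri_allowed([callback], callback))
    print("discovery problems:", check_discovery(SAMPLE_DISCOVERY, "https://keycloak.example.test/realms/ciso"))
```

Run check_discovery against the JSON fetched from the OpenID Endpoint Configuration link with the realm URL you intend to paste into Server URL; an empty list means the issuer, endpoints and flow line up, and redirect_uri_allowed lets you confirm the entry from step 7 matches the callback CISO Assistant will send before users hit a redirect_uri error at login.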