A service provider needs to be set up in the SAML identity provider for Keycloak, using a certificate generated by the Keycloak API.
- Use the Keycloak certificate descriptor API. The URL of the API is https://keycloak.example.com/auth/realms/alfresco/protocol/saml/descriptor.
- Copy the value of <dsig:X509Certificate> and paste it into a new text file between the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines. The following is an example of a completed text file:
  -----BEGIN CERTIFICATE-----
  MIICnzCCAYcCBgFkqEAQCDANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDDAhhbGZyZXNjbzA
  -----END CERTIFICATE-----
- Save the file with the file extension .cert.
- Sign in to the SAML identity provider as an administrator and configure a new service provider:
  - The base URL to use is: https://keycloak.example.com/.
  - Use the certificate created in the previous step.
  - The redirect URI to use will be in the format https://keycloak.example.com/auth/realms/alfresco/broker/saml/endpoint.
    Note: The alfresco part of the URL is the name of the realm configured in Configure a realm and clients. Make sure this is changed if you used a different realm name.
- Export or note down the details of the newly created service provider to import into Keycloak in the following step.
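The descriptor-to-.cert step above, as an added example that is not part of this page or of Keycloak's own tooling: it parses a descriptor in the shape Keycloak serves, keeps only the signing key (skipping an encryption key if one is also published), wraps the base64 at 64 columns as PEM readers expect, and checks that the body decodes to a DER SEQUENCE before the file is handed to the identity provider. The descriptor XML and the certificate bytes are constructed placeholders, not real Keycloak output.

```python
import base64
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
# Constructed certificate bytes: a DER SEQUENCE (tag 0x30) plus filler, not a real cert
FAKE_DER = b"\x30\x82\x01\x04" + bytes(range(256)) + b"\x00\x01\x02\x03"
FAKE_B64 = base64.b64encode(FAKE_DER).decode()
# Constructed sample shaped like Keycloak's realm descriptor: the base64 body is
# surrounded by whitespace and a separate encryption key is published as well.
SAMPLE_DESCRIPTOR = f"""<?xml version="1.0" encoding="UTF-8"?>
<md:EntitiesDescriptor xmlns:md="{MD_NS}" xmlns:dsig="{DSIG_NS}">
 <md:EntityDescriptor entityID="https://keycloak.example.com/auth/realms/alfresco">
  <md:IDPSSODescriptor>
   <md:KeyDescriptor use="signing"><dsig:KeyInfo><dsig:X509Data>
    <dsig:X509Certificate>
      {FAKE_B64}
    </dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo></md:KeyDescriptor>
   <md:KeyDescriptor use="encryption"><dsig:KeyInfo><dsig:X509Data>
    <dsig:X509Certificate>AAAA</dsig:X509Certificate>
   </dsig:X509Data></dsig:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def extract_signing_certs(descriptor_xml: str) -> list[str]:
    # Base64 bodies of keys usable for signing (use="signing" or no use attribute)
    certs = []
    for kd in ET.fromstring(descriptor_xml).iter(f"{{{MD_NS}}}KeyDescriptor"):
        if kd.get("use") not in (None, "signing"):
            continue  # an encryption-only key is not the one the SP must trust
        for el in kd.iter(f"{{{DSIG_NS}}}X509Certificate"):
            body = "".join((el.text or "").split())  # strip all whitespace
            if body:
                certs.append(body)
    return certs

def to_pem(b64_body: str) -> str:
    # Reject bodies that are not clean base64 or do not decode to a DER SEQUENCE
    der = base64.b64decode(b64_body, validate=True)
    if der[:1] != b"\x30":
        raise ValueError("body does not decode to a DER SEQUENCE")
    lines = [b64_body[i:i + 64] for i in range(0, len(b64_body), 64)]  # 64-col PEM
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"

def descriptor_to_pem(descriptor_xml: str) -> str:
    certs = extract_signing_certs(descriptor_xml)  # the .cert file needs exactly one
    if len(certs) != 1:
        raise ValueError(f"expected one signing certificate, found {len(certs)}")
    return to_pem(certs[0])
```

Writing the string returned by descriptor_to_pem to a file with the .cert extension gives the file the next step asks for; if the descriptor ever lists more than one signing key (for example during a key rotation), the function refuses rather than silently picking one.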