For a site to set up SSO, it needs an identity provider (IdP).
This can be done via several platforms; one of the most common for businesses is Microsoft Active Directory on Azure (Azure AD, now Microsoft Entra ID).
Popular identity providers
Microsoft
Google
Facebook
Apple
Amazon Web Services (AWS)
Okta
OneLogin
Auth0
SecureAuth
IdP Requirements
These are the requirements for the client's IdP in order to integrate with Keycloak. The client's systems administrator would need to deploy an IdP with these in mind.
1. Communicate over the Internet using HTTP/1.1 and TLS 1.2 at minimum (TLS 1.0 and 1.1 are deprecated and should be disabled)
2. Support the following SSO authentication protocols, in order of preference
i. OpenID Connect (OIDC) v1.0
ii. OAuth2 (OAuth 2.0 on its own is an authorization framework, so the user information in item 5 then has to come from a provider-specific user-info endpoint)
iii. Security Assertion Markup Language (SAML) v2.0
3. Support the following client credential exchange (client authentication) methods for the OIDC and OAuth2 protocols
i. Signed JSON Web Token (JWT) client assertion (private_key_jwt) using one of the asymmetric signing algorithms listed (the symmetric HS256/HS384/HS512 algorithms and "none" are not accepted)
ES256
ES384
ES512
RS256
RS384
RS512
PS256
PS384
PS512
ii. Symmetric pre-shared key (Client Secret)
4. Support validation of token signatures using either a manually uploaded certificate/public key or a JWKS endpoint (preferred, as it lets the IdP rotate keys without reconfiguration on the Keycloak side)
5. Supply the following user information (OIDC standard claim names in brackets)
i. Email Address (email)
ii. First Name (given_name)
iii. Last Name (family_name)
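The following is an added example, not code from the original page and not Keycloak's own implementation. It shows what requirements 3.i, 4 and 5 mean in practice for the party that consumes the IdP's ID tokens: look the signing key up by kid in a JWKS document, refuse any alg outside the permitted asymmetric set (so "none" and HS256 never reach the verifier), check that the header alg matches the alg bound to the JWKS key, verify the signature, then check iss/aud/exp and the three required claims. Everything is Python standard library. Assumptions: the RSA key pair is a constructed toy built from the Mersenne primes 2^521-1 and 2^607-1 (trivially factorable, used only so the example can mint a token offline); the JWKS, issuer, client ID and kid are constructed placeholders; only RS256 is implemented, the other permitted algorithms are recognised but reported as not implemented here.

```python
import base64
import hashlib
import json
import time

# Constructed toy RSA key pair from the Mersenne primes 2^521-1 and 2^607-1 (assumption:
# trivially factorable, only so the example can mint a token offline; a real IdP's
# public key is fetched from its JWKS endpoint, never hard-coded).
P, Q = (1 << 521) - 1, (1 << 607) - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

ALLOWED_ALGS = {"ES256", "ES384", "ES512", "RS256", "RS384", "RS512",  # requirement 3.i
                "PS256", "PS384", "PS512"}
REQUIRED_CLAIMS = ("email", "given_name", "family_name")  # requirement 5, OIDC claim names
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # RFC 8017 s9.2
ISSUER, CLIENT_ID, KID = "https://idp.example.com", "keycloak-broker", "idp-key-1"  # constructed


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def int_to_b64url(value: int) -> str:
    return b64url(value.to_bytes((value.bit_length() + 7) // 8, "big"))


def emsa_pkcs1_v15(message: bytes, k: int) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message) for a k-byte modulus."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")


def rs256_sign(message: bytes) -> bytes:
    k = (N.bit_length() + 7) // 8
    return pow(emsa_pkcs1_v15(message, k), D, N).to_bytes(k, "big")


def rs256_verify(message: bytes, signature: bytes, n: int, e: int) -> bool:
    k = (n.bit_length() + 7) // 8
    return len(signature) == k and pow(int.from_bytes(signature, "big"), e, n) == emsa_pkcs1_v15(message, k)


# Constructed JWKS document of the shape an IdP publishes at its jwks_uri.
JWKS = {"keys": [{"kty": "RSA", "use": "sig", "alg": "RS256", "kid": KID,
                  "n": int_to_b64url(N), "e": int_to_b64url(E)}]}


def encode_part(obj: dict) -> str:
    return b64url(json.dumps(obj, separators=(",", ":")).encode())


def mint_id_token(claims: dict, header_alg: str = "RS256", kid: str = KID) -> str:
    """Mint a JWS signed RS256 under the toy key; header_alg lets a caller forge the
    header ('none', 'HS256') the way a hostile token would."""
    signing_input = encode_part({"alg": header_alg, "typ": "JWT", "kid": kid}) + "." + encode_part(claims)
    return signing_input + "." + b64url(rs256_sign(signing_input.encode()))


def tamper_payload(token: str, new_claims: dict) -> str:
    """Swap the payload but keep the original signature (a classic forgery attempt)."""
    h64, _, s64 = token.split(".")
    return ".".join((h64, encode_part(new_claims), s64))


def validate_id_token(token: str, jwks: dict, issuer: str, audience: str) -> dict:
    """Return the verified claims, or raise ValueError saying why the token was rejected."""
    h64, p64, s64 = token.split(".")  # ValueError on anything but three segments
    header = json.loads(b64url_decode(h64))
    alg = header.get("alg")
    if alg != "RS256":  # 'none', HS* and unlisted algs are refused before any key lookup
        raise ValueError(f"alg {alg!r} {'not permitted' if alg not in ALLOWED_ALGS else 'not implemented in this example'}")
    key = next((k for k in jwks["keys"] if k.get("kid") == header.get("kid") and k.get("kty") == "RSA"), None)
    if key is None:
        raise ValueError("no RSA key in the JWKS matches the token's kid")
    if key.get("alg") not in (None, alg):  # blocks header/key algorithm confusion
        raise ValueError("token alg differs from the alg bound to the JWKS key")
    n, e = (int.from_bytes(b64url_decode(key[f]), "big") for f in ("n", "e"))
    if not rs256_verify(f"{h64}.{p64}".encode(), b64url_decode(s64), n, e):
        raise ValueError("signature verification failed")
    claims = json.loads(b64url_decode(p64))
    aud = claims.get("aud")
    if claims.get("iss") != issuer or audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("iss or aud does not match this integration")
    if claims.get("exp", 0) <= time.time():
        raise ValueError("token expired")
    missing = [c for c in REQUIRED_CLAIMS if not claims.get(c)]
    if missing:
        raise ValueError(f"IdP did not supply required user information: {missing}")
    return claims


def rejection_reason(token: str, jwks: dict = JWKS, issuer: str = ISSUER, audience: str = CLIENT_ID):
    """None when the token is acceptable, otherwise the reason it was rejected."""
    try:
        validate_id_token(token, jwks, issuer, audience)
        return None
    except ValueError as exc:
        return str(exc)


def sample_claims(**overrides) -> dict:
    """Constructed claims for a user 'Alice'; overrides let a caller break one field."""
    claims = {"iss": ISSUER, "aud": CLIENT_ID, "sub": "u-1001", "exp": int(time.time()) + 300,
              "email": "alice@example.com", "given_name": "Alice", "family_name": "Liddell"}
    claims.update(overrides)
    return claims
```

The order of the checks is deliberate: the alg is pinned before the key is looked up, and the key's own alg is compared with the header, so a token that says HS256 can never be verified with the RSA public key as an HMAC secret. rejection_reason(mint_id_token(sample_claims())) returns None; forging the header to "none", pointing kid at an unknown key, swapping the payload with tamper_payload, or omitting family_name each returns the specific reason.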
The client needs to provide the following to [ui] to integrate Keycloak with their IdP
1. The Client ID for this application, assigned by the IdP.
2. An IdP metadata configuration document for the protocol chosen (for OIDC, the discovery document served at /.well-known/openid-configuration; for SAML, the IdP metadata XML).
3a. The Client Secret, if using the symmetric pre-shared key (client secret) client authentication method for OIDC and OAuth2.
3b. The Client Signing Algorithm, if using the signed JWT client authentication method for OIDC and OAuth2.
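As an added example (not part of the original page and not Keycloak's own tooling), the following Python checks the OIDC metadata document from item 2 against the IdP requirements before anyone starts configuring Keycloak, and then derives which of items 3a/3b the client still has to supply. Assumptions: the discovery document is a constructed sample in the shape defined by OpenID Connect Discovery 1.0, not a real IdP's; the order of preference between the client authentication methods (signed JWT first, then client secret) follows requirement 3; the function names are this example's own.

```python
import json

ALLOWED_SIGNING_ALGS = {"ES256", "ES384", "ES512", "RS256", "RS384", "RS512",
                        "PS256", "PS384", "PS512"}
REQUIRED_CLAIMS = {"email", "given_name", "family_name"}
# Client authentication methods acceptable under requirement 3, signed JWT first as preferred.
CLIENT_AUTH_METHODS = ("private_key_jwt", "client_secret_basic", "client_secret_post")

# Constructed discovery document in the shape an IdP serves at
# <issuer>/.well-known/openid-configuration (OpenID Connect Discovery 1.0); not a real IdP.
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://idp.example.com",
  "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
  "token_endpoint": "https://idp.example.com/oauth2/token",
  "jwks_uri": "https://idp.example.com/oauth2/keys",
  "scopes_supported": ["openid", "profile", "email"],
  "id_token_signing_alg_values_supported": ["RS256", "ES256"],
  "token_endpoint_auth_methods_supported": ["client_secret_basic", "private_key_jwt"],
  "token_endpoint_auth_signing_alg_values_supported": ["RS256", "ES256"],
  "claims_supported": ["sub", "email", "given_name", "family_name"]
}""")


def check_discovery(doc: dict) -> dict:
    """Check an IdP discovery document against the requirements above. Returns the
    violations ('problems'), things to confirm by hand ('warnings'), the client
    authentication method to use, and the permitted signing algorithms."""
    problems, warnings = [], []
    # Requirement 1 (TLS everywhere) and requirement 4 (a JWKS endpoint to fetch keys from).
    for field in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = doc.get(field, "")
        if not url.startswith("https://"):
            problems.append(f"{field} missing or not served over https: {url!r}")
    # Requirement 3.i: ID tokens must be signed with one of the listed asymmetric algorithms.
    signing_algs = sorted(set(doc.get("id_token_signing_alg_values_supported", [])) & ALLOWED_SIGNING_ALGS)
    if not signing_algs:
        problems.append("no permitted asymmetric ID token signing algorithm offered")
    # Requirement 3: pick the preferred client authentication method the IdP offers.
    # Discovery 1.0 says an omitted list means client_secret_basic only.
    offered = doc.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    auth_method = next((m for m in CLIENT_AUTH_METHODS if m in offered), None)
    if auth_method is None:
        problems.append("token endpoint supports neither signed JWT nor client secret authentication")
    assertion_algs = sorted(set(doc.get("token_endpoint_auth_signing_alg_values_supported", [])) & ALLOWED_SIGNING_ALGS)
    if auth_method == "private_key_jwt" and not assertion_algs:
        problems.append("private_key_jwt offered without a permitted client assertion signing algorithm")
    # Requirement 5: 'email' comes with the email scope, given_name/family_name with profile.
    for scope in ("openid", "email", "profile"):
        if scope not in doc.get("scopes_supported", []):
            warnings.append(f"scope {scope!r} not advertised; confirm the IdP still releases the user claims")
    if "claims_supported" in doc:
        missing = sorted(REQUIRED_CLAIMS - set(doc["claims_supported"]))
        if missing:
            problems.append(f"required user information not advertised: {missing}")
    else:
        warnings.append("claims_supported omitted; confirm email, given_name and family_name by hand")
    return {"problems": problems, "warnings": warnings, "auth_method": auth_method,
            "signing_algs": signing_algs, "assertion_algs": assertion_algs}


def onboarding_checklist(doc: dict) -> list:
    """What the client must hand over for the chosen method (the list above, made concrete)."""
    result = check_discovery(doc)
    items = ["Client ID assigned by the IdP", f"IdP metadata document for {doc.get('issuer')}"]
    if result["auth_method"] == "private_key_jwt":
        items.append("Client signing algorithm, one of: " + ", ".join(result["assertion_algs"]))
    elif result["auth_method"] is not None:
        items.append("Client Secret (shared out of band, not pasted into the ticket)")
    return items
```

On the sample document check_discovery reports no problems and selects private_key_jwt, so the checklist asks for the client signing algorithm rather than a secret; an IdP whose jwks_uri is plain http or that only offers HS256 fails on both counts, and one that omits token_endpoint_auth_methods_supported falls back to a client secret, which is exactly the case where item 3a applies.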