Keycloak (SSO)

 

Step 1

Sign in to the Keycloak Admin portal using your Keycloak administrator account and create a new Realm if one is not created already.


Step 2

Navigate to "Clients" -> "Create client"

  • Select SAML from the Client type dropdown menu.
  • Set the Client ID (Entity ID) field: https://www.islonline.net/sso/saml/sp/domain/<domain>/metadata.xml - Use the SAML 2.0 endpoint URL that we have provided to you over email, those will contain your actual domain name instead of <domain>.
  • Fill out the Name (e.g. ISL Cloud) and Description.

Click Next.


Step 3

Set the following fields:

  • Root URL: https://www.islonline.net
  • Home URL: https://account.islonline.net/users/isllight/start.html
  • Valid redirect URIs: https://www.islonline.net/* and https://www.account.islonline.net/*



Step 4

Navigate to the Advanced tab, and set:

  • Assertion Consumer Service POST Binding URL (mandatory):
    https://www.islonline.net/sso/saml/sp/domain/<domain>/acspost
  • Logout service POST Binding URL (mandatory):
    https://www.islonline.net/sso/saml/sp/domain/<domain>/slopost


Step 5

Navigate to the Client scopes tab, and click on the default "Dedicated" scope.


Step 6

Click Add mapper -> By configuration -> User attribute and set the fields:

  • Email (mandatory): e-mail
  • First name (optional): first-name
  • Last name (optional): last-name
  • Group list (optional): groups

Note: In larger organizations, the number of groups a user belongs to may exceed the ISL Conference Proxy limit of 100 groups per user. If a user's group membership count exceeds this limit, we recommend restricting the groups emitted in claims to only those relevant to the application.


Step 7

Store the SAML claim names (Name column on the screenshot above), as you will need to include them in the email sent to the ISL Online support team later (you can attach a screenshot when providing the claims).


Step 8

Navigate to Realm settings, and scroll down to find Endpoints. Open or copy the SAML 2.0 Identity Provider Metadata and store the URL, as you will need to include it in the email sent to the ISL Online support team later.


You are now finished with the basic Keycloak configuration and may proceed with Step 6 of the Basic SSO configuration.
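
To check the mappers from Step 6 before you send the claim names to support, the following added example (not part of the ISL Online or Keycloak documentation) reads the attributes from a SAML assertion and reports a missing e-mail claim or a groups claim above the 100-group limit. It assumes the claim names e-mail and groups from Step 6 and an assertion saved from your own test login; the sample assertion inside it is constructed, and the script checks claim content only, not the signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
MAX_GROUPS = 100           # ISL Conference Proxy limit quoted in the Step 6 note
MANDATORY = ("e-mail",)    # claim names as entered in Step 6 (assumed unchanged)
GROUP_CLAIM = "groups"

def read_claims(assertion_xml):
    """Map each SAML Attribute Name to the list of its non-empty values.

    Values are merged across repeated Attribute elements, so both layouts
    (one Attribute with many values, or one Attribute per group) count the same.
    """
    claims = {}
    for attr in ET.fromstring(assertion_xml).iter(f"{{{SAML_NS}}}Attribute"):
        values = [v.text.strip() for v in attr.iter(f"{{{SAML_NS}}}AttributeValue")
                  if v.text and v.text.strip()]
        claims.setdefault(attr.get("Name"), []).extend(values)
    return claims

def check_claims(claims):
    """Return a list of problems; an empty list means the claims fit the guide."""
    problems = [f"mandatory claim '{n}' is missing or empty"
                for n in MANDATORY if not claims.get(n)]
    count = len(claims.get(GROUP_CLAIM, []))
    if count > MAX_GROUPS:
        problems.append(f"'{GROUP_CLAIM}' carries {count} groups, limit is {MAX_GROUPS}")
    return problems

def sample_assertion(n_groups, with_email=True):
    """Constructed, unsigned sample assertion (not captured from a real IdP)."""
    attrs = {GROUP_CLAIM: [f"/team-{i}" for i in range(n_groups)]}
    if with_email:
        attrs["e-mail"] = ["alice@example.com"]
    body = "".join(
        f'<saml:Attribute Name="{name}">'
        + "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in vals)
        + "</saml:Attribute>"
        for name, vals in attrs.items())
    return (f'<saml:Assertion xmlns:saml="{SAML_NS}"><saml:AttributeStatement>'
            f"{body}</saml:AttributeStatement></saml:Assertion>")

if __name__ == "__main__":
    for n in (3, 101):
        print(n, "groups ->", check_claims(read_claims(sample_assertion(n))) or "OK")
```

Run it against the account with the largest group membership in your realm, since that user is the one most likely to exceed the limit.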
