Keycloak: SSO SAML

Captions
Hello everybody, hola todos, chez frisco. In this video about Keycloak I'm going to show you how to set up single sign-on using the SAML 2.0 protocol. Apart from using Keycloak, I will use the JumpCloud service. There are a lot of single sign-on providers that support OAuth2, OpenID, SAML 2.0; you can google for them. I will be using JumpCloud because it gives you a free account that is not a trial which expires after a month. The JumpCloud free account has its limits, but for small teams or proof of concepts it's ideal. So if you don't have a single sign-on SAML provider, check these guys out.

I will be setting up single sign-on in parallel, because both parties need to be aware of each other. I will start with Keycloak. I have Keycloak running on my Kubernetes already, as you know from previous videos. So let's assume that we have a new customer, a new tenant, and this time requires single sign-on using SAML 2.0. So let's add a new realm, customer free. OK, new realm created. Let's set up single sign-on here. Under the identity providers select SAML 2.0. Alias jumpcloud, friendly name JumpCloud, and I'm going to copy this URL.

In JumpCloud I'm going into single sign-on. There's a catalog of pre-built SSO connectors, and it is a custom application, so we will have to add a custom SAML app. Let's assume it is a huddle application. Access URL is this, service provider identifier is this part, identity provider ID is jumpcloud. These values have to match with Keycloak, otherwise SAML will not work. As a name ID we will be using email, that's right, but we will use the email address format. We want our SAML assertions to be signed; Keycloak, on the other hand, will be verifying those signatures, making sure that they indeed were issued by JumpCloud. URL: we will call it hotel, and we will set it up in a moment in Keycloak.

And now an important thing: the SAML assertion comes with just the email address. We in Keycloak would like to sync first name and last name as well, so let's add these attributes to SAML as well. So first name, and we also want last name. OK, that's all. In user groups we also have to enable which groups have access to this SAML application, in our case all users. OK, we are ready now. Activate, yeah, continue, and it's ready.

We will now, sorry, we will now export metadata, and in the Keycloak console we will import it and hit import. OK, so we see that this URL was populated, name ID format was changed to email, we have some other settings enabled. We will be validating the signature, of course, and we will trust the email. OK, so let's save it.

In mappers we will map first name and last name to Keycloak attributes. So let's hit create. First name, mapper type attribute importer. So the attribute name in SAML is firstname, lowercase. In Keycloak, as you can see in the tip, they are using camel case, so firstName, camel case. Let's hit save. OK, let's add last name. In SAML it's lowercase lastname, in Keycloak it's camel case. OK, and that's everything we need.

Let's try to log in now into our account. So as you can see, now on the login page on the right I have a JumpCloud button, so I'm going to click it. Redirected to JumpCloud, and I have the login page here. I have a test account created, it's johnny putnik. I will log in. I've enabled MFA on that account, so I have to provide a verification code, 793647. Login, and it worked. I'm in Keycloak now. Email is pre-populated, as well as first name and last name from the SAML assertions. Let's save it, and yeah, this account is now ready to be used in Keycloak.

So folks, in this video that's all. In the next video I'm going to show you how to configure social providers like, for example, GitHub. Stay tuned, like the video and subscribe. Thanks.
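The conditions the walkthrough depends on (signed assertion, email-address NameID format, lowercase firstname/lastname attributes mapped to Keycloak's firstName/lastName), checked in Python over a constructed assertion. This is an added example, not code from the video or from Keycloak; it assumes the attribute importer matches names exactly, and it only tests that a Signature element is present, it does not verify it.

```python
import xml.etree.ElementTree as ET  # for real IdP input, use a hardened parser such as defusedxml

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# IdP attribute name (assumed case-sensitive) -> Keycloak user attribute, as in the two mappers
MAPPERS = {"firstname": "firstName", "lastname": "lastName"}

def build_assertion(attrs, nameid_format=EMAIL_FORMAT, signed=True):
    """Constructed, simplified sample assertion; the Signature is an empty stand-in."""
    sig = '<ds:Signature xmlns:ds="%s"/>' % NS["ds"] if signed else ""
    stmts = "".join(
        '<saml:Attribute Name="%s"><saml:AttributeValue>%s'
        '</saml:AttributeValue></saml:Attribute>' % kv for kv in attrs.items())
    return ('<saml:Assertion xmlns:saml="%s">%s<saml:Subject>'
            '<saml:NameID Format="%s">user@example.com</saml:NameID></saml:Subject>'
            '<saml:AttributeStatement>%s</saml:AttributeStatement></saml:Assertion>'
            % (NS["saml"], sig, nameid_format, stmts))

def check_assertion(xml_text):
    """Return (problems, user): config mismatches found, and the attributes that would map."""
    root = ET.fromstring(xml_text)
    problems, user = [], {}
    # Presence check only: cryptographic validation is the service provider's job.
    if root.find("ds:Signature", NS) is None:
        problems.append("assertion is not signed")
    nameid = root.find("saml:Subject/saml:NameID", NS)
    if nameid is None or nameid.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not emailAddress")
    else:
        user["email"] = nameid.text
    sent = {a.get("Name"): a.findtext("saml:AttributeValue", namespaces=NS)
            for a in root.iterfind(".//saml:Attribute", NS)}
    for idp_name, kc_name in MAPPERS.items():
        if idp_name in sent:
            user[kc_name] = sent[idp_name]
        else:
            problems.append("attribute %r missing; %s stays empty" % (idp_name, kc_name))
    return problems, user

if __name__ == "__main__":
    # IdP sends "firstName" instead of "firstname": the first-name mapper finds nothing.
    print(check_assertion(build_assertion({"firstName": "Test", "lastname": "User"})))
```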
Info
Channel: Łukasz Budnik
Views: 8,464
Keywords: keycloak, kubernetes, sso, saml, jumpcloud, access management, identity management, microservices
Id: K7mjE58hl4I
Length: 7min 56sec (476 seconds)
Published: Tue Dec 22 2020