How To Set Up Your Own Keycloak App (SAML)

Step 1

Log in to your Keycloak account as an Administrator.


Step 2

Go to Clients in the left menu, and click Create.


Step 3

  • For Client ID, enter a name for your App. Take note of this Client ID for the last step in LogonLabs.
  • For Client Protocol, select saml.
  • Click Save.

Step 4

  • Set Sign Assertions to ON.
  • Set Client Signature Required to OFF.
  • For Valid Redirect URIs, enter:

    https://api.logonlabs.com/callback

  • Click Save.

Step 5

Go to the Mappers tab, and click on Add Builtin.


Step 6

  • Select X500 email, X500 givenName, and X500 surname.
  • Click Add selected.

Step 7

  • Click on X500 surname.
  • Change the SAML Attribute Name to last_name.
  • Click Save.

Step 8

  • Click on X500 email.
  • Change the SAML Attribute Name to email.
  • Click Save.

Step 9

  • Click on X500 givenName.
  • Change the SAML Attribute Name to first_name.
  • Click Save.

Step 10

  • Go to Realm Settings in the left menu.
  • Under the General tab, click on SAML 2.0 Identity Provider Metadata.
  • Copy the SingleSignOnService URL. This is your Login URL for the next step.
  • Also copy the X509Certificate. This is your X509 Certificate for the next step.

Step 11

LogonLabs Setup:

  1. Go to logonlabs.com
  2. Click Sign In and authenticate (or click Sign Up to make a new account and authenticate).
  3. Navigate to Default Rules (or Domain Rules and open/create a domain module).
  4. Click on the Keycloak button under Enterprise Identity Providers.
  5. Click Add.
  6. Choose SAML for the protocol.
  7. Enter a name.
  8. Enter a description (optional).
  9. Enter the Login URL from the previous step.
  10. Enter the Client ID from step 3.
  11. Enter the X.509 Certificate from the step above.
  12. Click Add.
  13. Enable Okta by clicking the new entry in the Keycloak Identity Providers list.
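
The Login URL and X509 Certificate from Step 10 can be read out of the SAML 2.0 Identity Provider Metadata with a script instead of being copied by hand, together with a SHA-256 fingerprint for checking that the certificate pasted in Step 11 is the one Keycloak published. This is an added example, not code from LogonLabs or Keycloak; the function name, the sample host and realm, and the placeholder certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed placeholder bytes standing in for a DER certificate (not a real cert).
SAMPLE_DER = b"constructed placeholder, not a real X.509 certificate" * 2
_B64 = "\n".join(textwrap.wrap(base64.b64encode(SAMPLE_DER).decode(), 40))

# Constructed sample metadata; the host and realm name are made up.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://keycloak.example.com/auth/realms/demo">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
{_B64}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://keycloak.example.com/auth/realms/demo/protocol/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def extract_idp_settings(metadata_xml):
    """Return Login URL, certificate body and SHA-256 fingerprint from IdP metadata."""
    idp = ET.fromstring(metadata_xml).find(".//md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    sso = idp.findall("md:SingleSignOnService", NS)
    locations = {s.get("Location") for s in sso if s.get("Location")}
    if len(locations) != 1:
        raise ValueError(f"expected one SingleSignOnService URL, got {sorted(locations)}")
    login_url = locations.pop()
    if not login_url.startswith("https://"):
        raise ValueError("Login URL must use https")
    # A KeyDescriptor without a 'use' attribute is valid for signing as well.
    keys = [k for k in idp.findall("md:KeyDescriptor", NS) if k.get("use") in (None, "signing")]
    certs = [k.findtext(".//ds:X509Certificate", namespaces=NS) for k in keys]
    certs = ["".join(c.split()) for c in certs if c]  # drop line breaks and indentation
    if len(certs) != 1:
        raise ValueError(f"expected one signing certificate, got {len(certs)}")
    digest = hashlib.sha256(base64.b64decode(certs[0], validate=True)).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, 64, 2))
    return {"login_url": login_url, "x509_certificate": certs[0],
            "sha256_fingerprint": fingerprint}
```

The fingerprint is formatted as uppercase colon-separated hex so it can be compared against the same certificate's SHA-256 fingerprint as shown by other tools. Run the function only on metadata downloaded from your own Keycloak realm over HTTPS.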