How To Set Up Your Own Keycloak App (SAML)
Step 1
Log in to your Keycloak account as an Administrator.
Step 2
Go to Clients in the left menu, and click Create.
Step 3
- For Client ID, enter a name for your app. Take note of this Client ID; you will need it in the final LogonLabs step.
- For Client Protocol, select saml.
- Click Save.

Step 4
- Set Sign Assertions to ON.
- Set Client Signature Required to OFF.
- For Valid Redirect URIs, enter:
https://api.logonlabs.com/callback
- Click Save.

Step 5
Go to the Mappers tab, and click on Add Builtin.

Step 6
- Select X500 email, X500 givenName, and X500 surname.
- Click Add selected.

Step 7
- Click on X500 surname.
- Change the SAML Attribute Name to last_name.
- Click Save.

Step 8
- Click on X500 email.
- Change the SAML Attribute Name to email.
- Click Save.

Step 9
- Click on X500 givenName.
- Change the SAML Attribute Name to first_name.
- Click Save.

Step 10
- Go to Realm Settings in the left menu.
- Under the General tab, click on SAML 2.0 Identity Provider Metadata.
- Copy the SingleSignOnService URL. This is your Login URL for the next step.
- Also copy the X509Certificate. This is your X509 Certificate for the next step.
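
The metadata document opened in step 10 can also be read programmatically instead of copying the two values by hand. The following is an added example, not part of the original guide or of Keycloak's or LogonLabs' tooling; the hostname, realm name and certificate body in the sample metadata are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample shaped like a Keycloak realm descriptor; the hostname,
# realm and certificate body are placeholders, not real values.
SAMPLE_METADATA = """<md:EntityDescriptor entityID="https://keycloak.example.com/realms/demo"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>
        MIIC
        PLACEHOLDER
      </ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="%s"
        Location="https://keycloak.example.com/realms/demo/protocol/saml"/>
    <md:SingleSignOnService Binding="%s"
        Location="https://keycloak.example.com/realms/demo/protocol/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>""" % (POST, REDIRECT)

def to_pem(b64):
    """Wrap the bare base64 blob in PEM armour so it pastes into any SP."""
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def parse_idp_metadata(xml_text):
    """Return the Login URL and signing certificate that step 11 asks for."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("not IdP metadata: no IDPSSODescriptor")
    # Keycloak publishes both bindings at the same Location; prefer Redirect.
    sso = {s.get("Binding"): s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    login_url = sso.get(REDIRECT) or sso.get(POST)
    if not login_url or not login_url.startswith("https://"):
        raise ValueError("SingleSignOnService Location missing or not https")
    certs = ["".join(c.text.split())
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use", "signing") == "signing"  # no 'use' means any use
             for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)]
    if not certs:
        raise ValueError("no signing X509Certificate in metadata")
    return {"login_url": login_url, "certificate": certs[0],
            "certificate_pem": to_pem(certs[0])}
```

Point it at the text of the real descriptor downloaded from the realm's General tab; the `certificate` value is the bare blob the LogonLabs form expects, and `certificate_pem` is the same key in PEM form for SPs that want armour.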
Step 11
LogonLabs Setup:
- Go to logonlabs.com
- Click Sign In and authenticate (or click Sign Up to create a new account, then authenticate).
- Navigate to Default Rules (or Domain Rules and open/create a domain module).
- Click on the Keycloak button under Enterprise Identity Providers.
- Click Add.
- Choose SAML for the protocol.
- Enter a name.
- Enter a description (optional).
- Enter the Login URL from the previous step.
- Enter the Client ID from step 3.
- Enter the X.509 Certificate from the step above.
- Click Add.
- Enable the new Keycloak entry by clicking it in the Keycloak Identity Providers list.