Configure SSO with Keycloak

  1. Sign in to the Rapidfort Platform using an admin account.

  1. Navigate to Settings > Single sign-on.

  1. Complete the SSO configuration fields:

  • Display Name: This is the name that will appear on Keycloak's dashboard for this application.
  • Client ID: The ID that the application uses to request authentication or access tokens from Keycloak.
  • Client Secret: Used alongside the Client ID to securely authenticate the application to Keycloak.
  • Well-Known URI: A URI to retrieve metadata related to Keycloak’s configuration (e.g., authorization and token endpoints).
  • IDP Scope: Defines the specific user information or resources requested during authentication.

How to generate Client ID and Client Secret from Keycloak Console

To generate the Client ID and Client Secret:

  1. Go to your hosted Keycloak service and log in with your credentials.

  1. Go to Manage > Clients.

  1. Click Create client:

  1. Fill in your configuration under General settings and click Next.

  1. In the Capability config section:
    • Turn on client authentication
    • Click the Service account roles checkmark
    • Click Next

  1. In Login settings:
    • Leave the Login settings unchanged for now; we will come back here later to add the redirect URIs.
    • Click Save to save your application.

  1. On the Client details page, copy your Client ID (in this tutorial, it is demo).

  1. On the Client details page, click Credentials, copy the Client Secret, and enter it in the Rapidfort UI.

  1. For the Well-Known URI, go to Realm Settings in Keycloak.
    • Scroll to Endpoints and open OpenID Endpoint Configuration.

info

Generate your Well-Known URI using this format:
http://keycloakhost:keycloakport/realms/{realm}/.well-known/openid-configuration

note

For more information, read this guide from Keycloak: Secure applications and services with OpenID Connect - Keycloak

  1. Fill in the IDP Scope based on your organization’s authentication requirements, then click Submit.
  2. After submission, you will see two IDP Redirect URLs.

  1. Return to Keycloak Client Details > Settings.
    • Under Access settings, add the redirect URI to the Valid Redirect URI field.
    • Save your configuration.

  1. Sign out of the platform.
  2. Test the new SSO configuration by signing in again using your organization’s OpenID Connect credentials.

Your Single Sign-On setup with Keycloak for the Rapidfort platform is now complete.
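
One way to sanity-check the Well-Known URI and IDP Scope values from the steps above before submitting them, as an added example that is not Rapidfort or Keycloak code. It assumes the IDP Scope field holds space-separated scope names, and the hostnames and metadata are constructed samples; in real use `doc` would be the JSON fetched from your Well-Known URI.

```python
import json
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

def check_discovery(well_known_uri, doc, idp_scope):
    """Return a list of findings; an empty list means every check passed."""
    if not well_known_uri.endswith(SUFFIX):
        return ["Well-Known URI does not end with " + SUFFIX]
    findings = []
    if urlsplit(well_known_uri).scheme != "https":
        findings.append("Well-Known URI is not https")
    # OIDC Discovery: issuer must equal the fetched URL minus the suffix,
    # otherwise the metadata may describe a different realm or host.
    expected_issuer = well_known_uri[: -len(SUFFIX)]
    if doc.get("issuer") != expected_issuer:
        findings.append(f"issuer {doc.get('issuer')!r} != {expected_issuer!r}")
    for name in ENDPOINTS:
        url = doc.get(name)
        if not url:
            findings.append(f"{name} missing")
        elif urlsplit(url).scheme != "https":
            findings.append(f"{name} is not https")
    requested = idp_scope.split()  # assumption: space-separated scope names
    if "openid" not in requested:
        findings.append("IDP Scope lacks 'openid'")
    unsupported = sorted(set(requested) - set(doc.get("scopes_supported", [])))
    if unsupported:
        findings.append("scopes not offered by realm: " + ", ".join(unsupported))
    return findings

# Constructed sample metadata for a realm named "demo" (not real output).
GOOD_URI = "https://keycloak.example.com/realms/demo" + SUFFIX
GOOD_DOC = json.loads("""{
  "issuer": "https://keycloak.example.com/realms/demo",
  "authorization_endpoint": "https://keycloak.example.com/realms/demo/protocol/openid-connect/auth",
  "token_endpoint": "https://keycloak.example.com/realms/demo/protocol/openid-connect/token",
  "jwks_uri": "https://keycloak.example.com/realms/demo/protocol/openid-connect/certs",
  "scopes_supported": ["openid", "profile", "email"]
}""")
# Same realm reached over plain http through a different hostname.
BAD_URI = "http://keycloakhost:8080/realms/demo" + SUFFIX

if __name__ == "__main__":
    print(check_discovery(GOOD_URI, GOOD_DOC, "openid profile email"))
    for finding in check_discovery(BAD_URI, GOOD_DOC, "profile groups"):
        print("FINDING:", finding)
```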