Keycloak – Create a SAML 2.0 Client

Published by Tobias Hofmann on

1 min read

In this step a new SAML 2.0 client is created in Keycloak by importing the Gateway SP metadata. After activating and configuring SAML 2.0 in Gateway, a Service Provider (SP) was created. A metadata file for that SP is available at the saml2 Web Dynpro ABAP application. This metadata file needs to be exported and imported in Keycloak.

SAML 2.0 is based on trust between the IdP and SP. The trust is established by importing the metadata of the other endpoint. To establish the trust, you import the Keycloak IdP metadata in Gateway and the Gateway SP metadata in Keycloak.

Export Gateway SAML 2.0 Service Provider metadata

Tx: SAML2

Click on Metadata.

Select what to include in the metadata file. You can keep all options selected.

This will start the download of the SAP Gateway SAML 2.0 Service Provider metadata file. A sample metadata file for Gateway as SAML 2.0 SP can be found in my GitLab repository.

Add SAML 2.0 SP Client in Keycloak

Log in to Keycloak admin console and create a new client.

Client Protocol: saml
Import: import SP Metadata xml file

After uploading the previous obtained SAP Gateway SAML 2.0 SP metadata, the client information is automatically filled out.

Save

The SAML 2.0 client is created and the configuration screen is shown. Here you can configure the client to meet your specific requirements. Normally keeping most values at default should work. Some options you have to configure:

Name ID Format: username
Valid Redirect URIs: /*


Note

To be able to read the Assertions, do not encrypt them. That is: you as a person. In a secured environment, these should be encrypted.

Let the world know
Categories: CloudSAPTechnology
Tags:

Tobias Hofmann

Doing stuff with SAP since 1998. Open, web, UX, cloud. I am not a Basis guy, but very knowledgeable about Basis stuff, as it's the foundation of everything I do (DevOps). Performance is king, and unit tests is something I actually do. Developing HTML5 apps when HTML5 wasn't around. HCP/SCP user since 2012, NetWeaver since 2002, ABAP since 1998.

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Posts

SAP Technology

Access to S/4HANA tutorials

5 min readQuick Tour is a feature from the FLP and part of user assistance. It can add tremendous value and is also featured in the SAP Learning course: Learning the Basics of SAP Fiori. Read more…

SAP Technology

Where is BAS 3.0?

3 min readRecently I faced a problem with SAP Business Application Studio. For solving it, I used Google. And I found an SAP Note: 3030549. The note contains a section about the affected products. Of Read more…

Technology

OData V4 service group is not published

5 min readScenario You want to connect the Fiori tools (BAS or VS Code) to your S/4HANA system. Problem The wizard for configuring / connecting the S/4HANA system shows an error for OData v4 services Read more…