Learn how to configure Single Sign-On in Kendis using Keycloak as your SAML Identity Provider.
Follow this step-by-step guide to complete the setup and enable secure access for your users.
Step 1: Login and Create a SAML Client in Keycloak
Go to your desired realm in the Keycloak admin console.
Navigate to Clients > Create.
Client ID: Enter a unique identifier (e.g., kendis-saml).
Client Protocol: Select SAML.
Click Save.
Step 2: Configure Redirect URL
In the client settings, set the Valid Redirect URI to:
https://<your-kendis-domain>/login/saml
Save your changes.
Step 3: Disable Client Signature
Go to the Keys tab of your SAML client.
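Set Client Signature Required to OFF.
Note: With this setting off, Keycloak does not require Kendis to sign its SAML requests, so the Valid Redirect URI from Step 2 is what limits where login responses are sent.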
Step 4: Get the SSO URL and Certificate
Go to the Installation tab.
Select SAML Metadata IDPSSODescriptor format.
Copy:
Single Sign-On URL
X.509 Certificate
These will be used in your Kendis SSO setup (Step 7).
Step 5: Map SAML Attributes
Go to the Mappers tab and add the following mappers:
Name | Type | SAML Attribute | Value |
 | User Property | | |
First Name | User Property | | |
Last Name | User Property | | |
Groups | Group List | | ... |
Note: The groups attribute is required for group-based access in Kendis.
Step 6: Add Group Scope (if needed)
Ensure the group scope is included in tokens if you manage access via groups.
Step 7: Complete Setup in Kendis
Go to Admin > SSO Settings in Kendis.
Select Keycloak as the provider.
Paste the:
SSO URL
X.509 Certificate
Client ID (Entity ID)
Set default group or permissions as needed.