Implement SAML based SSO with KeyCloak

4 min readMay 6, 2024

Let’s explore SAML integration with KeyCloak.

Installation of KeyCloak On OpenShift

With the Operator, the KeyCloak installation can be full automated.

Create a namespace named as keycloak, then subscribe the operator with the following YAML

apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: keycloak-og
  namespace: keycloak
spec:
  targetNamespaces:
    - keycloak
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: rhsso-operator
  namespace: keycloak
spec:
  name: rhsso-operator
  source: redhat-operators
  sourceNamespace: openshift-marketplace

We are using the rhsso-operator from the catalog of Redhat Operators. Once the operator runs, create the keycloak resource as below,

apiVersion: keycloak.org/v1alpha1
kind: Keycloak
metadata:
  name: my-keycloak
  labels:
    app: sso
  namespace: keycloak
spec:
  externalAccess:
    enabled: true
  instances: 1

The operator will create the Postgress Database and the Keycloak instance. Once the pods are all ready, retrieve the admin’s password,

 oc get secret credential-{{ .name }} -n {{ .ns }} \
  -o jsonpath='{.data.ADMIN_PASSWORD}' | base64 -d;echo

Implement SAML based SSO with KeyCloak

Installation of KeyCloak On OpenShift

Written by Zhimin Wen