Implement SAML based SSO with KeyCloak

Zhimin Wen
4 min read, May 6, 2024

Let’s explore SAML integration with KeyCloak.

Installation of KeyCloak On OpenShift

With the Operator, the KeyCloak installation can be fully automated.

Create a namespace named keycloak, then subscribe to the operator with the following YAML:

apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: keycloak-og
  namespace: keycloak
spec:
  targetNamespaces:
  - keycloak
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: rhsso-operator
  namespace: keycloak
spec:
  name: rhsso-operator
  source: redhat-operators
  sourceNamespace: openshift-marketplace

We are using the rhsso-operator from the Red Hat Operators catalog. Once the operator is running, create the Keycloak resource as below:

apiVersion: keycloak.org/v1alpha1
kind: Keycloak
metadata:
  name: my-keycloak
  labels:
    app: sso
  namespace: keycloak
spec:
  externalAccess:
    enabled: true
  instances: 1

The operator will create the PostgreSQL database and the Keycloak instance. Once all the pods are ready, retrieve the admin password from the credential secret the operator created for the Keycloak resource:

oc get secret credential-my-keycloak -n keycloak \
  -o jsonpath='{.data.ADMIN_PASSWORD}' | base64 -d; echo
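The steps above, scripted end to end as an added example that is not part of the original post: wait for the operator CSV and the Keycloak resource to become ready, then read the admin password into the script without printing it and prove it works with a token request against the master realm. It assumes `oc` is already logged in, that the operator and Keycloak manifests above have been applied, and that the Keycloak resource's status exposes `ready` and `externalURL` (as the RHSSO operator's CRD does); the `verify` sub-command name is the script's own.

```shell
#!/bin/sh
# Added example: drive the install steps end to end and verify the admin credential.
# Assumes: oc logged in, OperatorGroup/Subscription/Keycloak from the post applied,
# and the Keycloak CR status fields .status.ready and .status.externalURL.
set -eu

NS="${NS:-keycloak}"      # namespace used in the post
KC="${KC:-my-keycloak}"   # metadata.name of the Keycloak CR in the post

# Name of the credential secret the operator creates for a Keycloak CR.
secret_name() { printf 'credential-%s\n' "$1"; }

# Decode the base64 value returned by the jsonpath query (no trailing newline emitted).
decode_b64() { printf '%s' "$1" | base64 -d; }

# Block until the Subscription has resolved a CSV and that CSV reports Succeeded.
wait_for_operator() {
  csv=""
  while [ -z "$csv" ]; do
    csv=$(oc get subscription rhsso-operator -n "$NS" -o jsonpath='{.status.installedCSV}')
    [ -n "$csv" ] || sleep 5
  done
  until [ "$(oc get csv "$csv" -n "$NS" -o jsonpath='{.status.phase}')" = "Succeeded" ]; do
    sleep 5
  done
}

# Wait until the operator marks the Keycloak CR ready (database and server pods up).
wait_for_keycloak() {
  oc wait keycloak "$KC" -n "$NS" --for=jsonpath='{.status.ready}'=true --timeout=600s
}

# Read the admin password; callers keep it in a pipe or variable, never on the terminal.
admin_password() {
  decode_b64 "$(oc get secret "$(secret_name "$KC")" -n "$NS" -o jsonpath='{.data.ADMIN_PASSWORD}')"
}

# Prove the credential works: request an admin-cli token from the master realm.
# The password is fed to curl on stdin so it never appears in the process list.
check_admin_login() {
  url=$(oc get keycloak "$KC" -n "$NS" -o jsonpath='{.status.externalURL}')
  admin_password | curl -fsS -o /dev/null \
    -d client_id=admin-cli -d grant_type=password -d username=admin \
    --data-urlencode "password@-" \
    "$url/auth/realms/master/protocol/openid-connect/token" && echo "admin login OK"
}

case "${1:-}" in
  verify) wait_for_operator; wait_for_keycloak; check_admin_login ;;
esac
```

Run it as `sh verify.sh verify`; with no argument it only defines the helper functions.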
