Implement SAML based SSO with KeyCloak
May 6, 2024
Let’s explore SAML integration with KeyCloak.
Installation of KeyCloak On OpenShift
With the Operator, the KeyCloak installation can be fully automated.
Create a namespace named keycloak, then subscribe to the operator with the following YAML:
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: keycloak-og
  namespace: keycloak
spec:
  targetNamespaces:
    - keycloak
---
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: rhsso-operator
  namespace: keycloak
spec:
  name: rhsso-operator
  source: redhat-operators
  sourceNamespace: openshift-marketplace
We are using the rhsso-operator from the Red Hat Operators catalog. Once the operator is running, create the Keycloak resource as below:
apiVersion: keycloak.org/v1alpha1
kind: Keycloak
metadata:
  name: my-keycloak
  labels:
    app: sso
  namespace: keycloak
spec:
  externalAccess:
    enabled: true
  instances: 1
The operator will create the Postgres database and the Keycloak instance. Once the pods are all ready, retrieve the admin's password:
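# The secret is named credential-<Keycloak resource name>; for the resource above
# that is credential-my-keycloak in the keycloak namespace.
oc get secret credential-my-keycloak -n keycloak \
  -o jsonpath='{.data.ADMIN_PASSWORD}' | base64 -d; echo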
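The retrieval step above can be wrapped so that it refuses to run until the operator reports the instance ready, and reads the secret name from the resource instead of assuming it. This is an added example, not code from the original post: the function name keycloak_admin_password is hypothetical, and it assumes the Keycloak resource exposes status.ready and status.credentialSecret (falling back to credential-<name> if the latter is empty).

```shell
# Added example: fetch the Keycloak admin password only once the
# operator reports the instance as ready.
# Assumptions: `oc` is logged in to the cluster, and the Keycloak custom
# resource exposes .status.ready and .status.credentialSecret.
keycloak_admin_password() {
  kc_name="$1"   # Keycloak resource name, e.g. my-keycloak
  kc_ns="$2"     # namespace, e.g. keycloak

  if [ -z "$kc_name" ] || [ -z "$kc_ns" ]; then
    echo "usage: keycloak_admin_password <name> <namespace>" >&2
    return 64
  fi

  # Stop early if the resource is missing or not yet reconciled.
  kc_ready=$(oc get keycloak "$kc_name" -n "$kc_ns" \
    -o jsonpath='{.status.ready}') || return 1
  if [ "$kc_ready" != "true" ]; then
    echo "keycloak/$kc_name in $kc_ns is not ready yet" >&2
    return 2
  fi

  # Prefer the secret name the operator publishes in the status; fall
  # back to the credential-<name> convention used in the post.
  kc_secret=$(oc get keycloak "$kc_name" -n "$kc_ns" \
    -o jsonpath='{.status.credentialSecret}') || return 1
  [ -n "$kc_secret" ] || kc_secret="credential-$kc_name"

  # Secret data is only base64-encoded, not encrypted: anyone allowed to
  # "get secrets" in this namespace can read the admin password.
  oc get secret "$kc_secret" -n "$kc_ns" \
    -o jsonpath='{.data.ADMIN_PASSWORD}' | base64 -d
}

# Usage: keycloak_admin_password my-keycloak keycloak; echo
```

Because the password is recoverable by any account with read access to secrets in the keycloak namespace, restrict that permission and change the admin password after the first login.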