Keycloak SAML provider demo based on the example in the Keycloak repository for OpenShift, automatically deployed with Ansible.

The `web-app` directory contains the source for a Docker image with a sample web application that is used to test authentication.
Clone the repository, edit the inventory file and add the correct host to the `[oc_client]` group. This host has to have the `oc` client for OpenShift configured. You can also use the command `oc cluster up` on localhost to start OpenShift locally. The variable `public_hosted_zone` needs to be set to the OpenShift public hosted zone; the `xip.io` domain is used when running OpenShift with `oc cluster up`. Everything deployed with this playbook will be in the `keycloak-poc` (configurable) project in OpenShift.
```bash
git clone https://github.com/pschiffe/keycloak-demo.git
cd keycloak-demo
# Edit inventory file
ansible-playbook -e 'public_hosted_zone=192.168.1.7.xip.io' ./saml-broker/saml-broker.yml
```
Once Keycloak is deployed, there will be 2 realms: `saml-broker-realm`, containing the user (with login `user/password`) and providing a SAML v2 Identity Provider, and `saml-broker-authentication-realm`, which contains a local admin user (with login `admin/password`) and is used for SAML brokering.
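To illustrate what the brokering realm relies on when it trusts the IdP realm, here is an added example (not code from the demo repository) that inspects a SAML IdP descriptor of the shape Keycloak publishes for a realm under `/auth/realms/<realm>/protocol/saml/descriptor`: it confirms the entityID, derives the signing-certificate fingerprint to pin on the broker side, and checks that the SSO endpoints are HTTPS only. The hostname `keycloak.example.test` and the certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample shaped like a Keycloak realm SAML descriptor. The hostname
# and the certificate bytes are placeholders, not values from the demo.
FAKE_CERT_DER = b"constructed-placeholder-not-a-real-certificate"
IDP_ENTITY_ID = "https://keycloak.example.test/auth/realms/saml-broker-realm"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="{IDP_ENTITY_ID}">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(FAKE_CERT_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="{IDP_ENTITY_ID}/protocol/saml"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="{IDP_ENTITY_ID}/protocol/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def inspect_idp_metadata(xml_text, expected_entity_id):
    """Facts the brokering realm should check before trusting this IdP realm: entityID
    match, signing-cert fingerprints, HTTPS-only SSO endpoints, signed-request policy."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not an identity provider descriptor")
    fingerprints = []
    for kd in idp.findall('md:KeyDescriptor[@use="signing"]', NS):
        for cert in kd.findall(".//ds:X509Certificate", NS):
            # SHA-256 over the DER bytes, the form usually pinned on the broker side
            der = base64.b64decode("".join(cert.text.split()))
            fingerprints.append(hashlib.sha256(der).hexdigest())
    if not fingerprints:
        raise ValueError("IdP publishes no signing certificate; assertions cannot be verified")
    sso = {e.get("Binding"): e.get("Location")
           for e in idp.findall("md:SingleSignOnService", NS)}
    return {
        "entity_id_ok": root.get("entityID") == expected_entity_id,
        "signing_fingerprints": fingerprints,
        "sso_bindings": sorted(b.rsplit(":", 1)[-1] for b in sso),
        "all_sso_https": all(u.startswith("https://") for u in sso.values()),
        "wants_signed_requests": idp.get("WantAuthnRequestsSigned") == "true",
    }
```

Point the function at the real descriptor text of `saml-broker-realm` and compare the returned fingerprint with what the brokering realm has configured for its SAML identity provider.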
Currently it's not possible to do this without modifying the `sso70-https.json` template provided by OpenShift; see jboss-openshift/application-templates#220.

An RFE to not import users into the Keycloak local database when brokering can be found at https://issues.jboss.org/browse/KEYCLOAK-4429