Security Journey

Keycloak is an open source identity and access management technology that integrates with applications in the cloud, on-premises, or on a mobile device. This documentation describes how to configure a single sign-on integration between Keycloak as the Identity Provider (IdP) and the Single Sign-On Service (SSO) for Security Journey as the Service Provider (SP).

All SSO communication takes place over TLS/SSL.

In your Keycloak admin console, select the realm that you want to use. From left menu, select <b>Clients</b>.

Create a new client/application. Configure the following:

Client ID: <code>urn:amazon:cognito:sp:us-east-1_CHi5tsM8X</code>

Include OneTimeUse Condition: <code>OFF</code>

Optimize REDIRECT signing key lookup: <code>OFF</code>

Signature Algorithm: <code>RSA_SHA256</code>

SAML Signature Key Name: <code>NONE</code>

Canonicalization Method: <code>EXCLUSIVE</code> 

Client Signature Required: <code>OFF</code>

Root URL: <code> https://auth.hackedu.com/saml2/idpresponse </code>

Valid Redirect URIs: <code> https://app.hackedu.com/* </code>

- Client ID: <code>urn:amazon:cognito:sp:us-east-1_CHi5tsM8X</code>
- Name: Security Journey
- Description: Security Journey
- Enabled: <code>ON</code>
- Consent Required: <code>OFF</code>
- Client Protocol: <code>saml</code>
- Include AuthnStatement: <code>ON</code>
- Include OneTimeUse Condition: <code>OFF</code>
- Force Artifact Binding: <code>OFF</code>
- Sign Documents: <code>ON</code>
- Optimize REDIRECT signing key lookup: <code>OFF</code>
- Sign Assertions: <code>ON</code>
- Signature Algorithm: <code>RSA_SHA256</code>
- SAML Signature Key Name: <code>NONE</code>
- Canonicalization Method: <code>EXCLUSIVE</code> 
- Encrypt Assertions: <code>OFF</code>
- Client Signature Required: <code>OFF</code>
- Force POST Binding: <code>ON</code>
- Front Channel Logout: <code>OFF</code>
- Force Name ID Format: <code>ON</code>
- Name ID Format: <code>Email</code> 
- Root URL: <code> https://auth.hackedu.com/saml2/idpresponse </code>
- Valid Redirect URIs: <code> https://app.hackedu.com/* </code>

Export a metadata.xml file from your Keycloak client. From the Installation tab, choose the <i>SAML Metadata IDPSSODescriptor format</i> option and download your file.

You can follow the instructions on this page to upload your metadata file in Security Journey. 

Additional instructions can be found in <a href="https://www.keycloak.org/docs/latest/server_admin/#saml-clients" rel="nofollow noopener noreferrer" target="_blank">KeyCloak's Documentation</a>.

Configuring Keycloak

Configuring Keycloak as IdP

Upload Metadata File

Additional Resources