SAML with Keycloak

[juliusknorr]

Keycloak is nicer for testing SSO with SAML than simplesamlphp. Config is working, but needs documentation and auto setup.

Notes for later

occ saml:config:create
occ saml:config:set \
        --general-idp0_display_name "Keycloak SAML" \
        --general-uid_mapping "username" \
        --idp-entityId "http://keycloak.dev.local/auth/realms/Example" \
        --idp-singleLogoutService.url "http://keycloak.dev.local/auth/realms/Example/protocol/saml" \
        --idp-singleSignOnService.url "http://keycloak.dev.local/auth/realms/Example/protocol/saml" \
        --idp-x509cert="$(cat keycloak.crt)" \
        --security-authnRequestsSigned 1 \
        --security-logoutRequestSigned 1 \
        --security-logoutResponseSigned 1 \
        --security-wantAssertionsEncrypted 0 \
        --security-wantAssertionsSigned 1 \
        --security-wantMessagesSigned 1 \
        --security-nameIdEncrypted 0 --security-wantNameId 0 \
        --security-wantNameIdEncrypted 0 \
        --sp-x509cert="$(cat public.cert)" \
        --sp-privateKey="$(cat private.key)" \
        "1"

dummycertkeys.zip