Home
PricingDemo Request

Keycloak SSO

This page describes configuring Keycloak SSO for Lenses authentication.

1

Create a new SAML application client in Keycloak

  • Go to Clients

  • Click Create

  • Fill in the details: see the table below.

  • Click Save

SettingValue

Client ID

Use the base.url of the Lenses installation e.g. https://lenses-dev.example.com

Client Protocol

Set it to saml

Client Saml Endpoint

This is the Lenses API point for Keycloak to call back. Set it to [BASE_URL]/api/v2/auth/saml/callback?client_name=SAML2Client. e.g. https://lenses-dev.example.com/api/v2/auth/saml/callback?client_name=SAML2Client

2

Update Client Settings

Change the settings on client you just created to:

SettingValue

Name

Lenses

Description

(Optional) Add a description to your app.

SAML Signature Name

KEY_ID

Client Signature Required

OFF

Force POST Binding

ON

Front Channel Logout

OFF

Force Name ID Format

ON

Name ID Format

email

Root URL

Use the base.url of the Lenses installation e.g. https://lenses-dev.example.com

Valid Redirect URIs

Use the base.url of the Lenses installation e.g. https://lenses-dev.example.com

3

Map users to groups

Configure Keycloak to communicate groups to Lenses. Head to the Mappers section.

  1. Click Create

  2. Fill in the details: see table below.

  3. Click Save

SettingValue

Name

Groups

Mapper Type

Group list

Group attribute name

groups (case-sensitive)

Single Group Attribute

ON

Full group path

OFF

4

Download SAML Certificates

Download the Federation Metadata XML file with the Keycloak IdP details.

5

Configure SAML in HQ

SAML configuration is set in HQ's config.yaml file. See here for more details.

PreviousGoogle SSONextOkta SSO

Last updated

Logo

Resources

PrivacyCookiesTerms & ConditionsCommunity EULA

2024 © Lenses.io Ltd. Apache, Apache Kafka, Kafka and associated open source project names are trademarks of the Apache Software Foundation.