Keycloak SSO
This page describes configuring Lenses with Keycloak SSO.
Integrate your user groups with Lenses using the Keycloak group names. Create a group in Lenses using the same case-sensitive group name as in Keycloak.
For example, if the Engineers group is available in Keycloak, with Lenses assigned to it, create a group with the same name.
Create a new SAML application client in Keycloak
Go to Clients
Click Create
Fill in the details: see the table below.
Click Save
Setting | Value |
---|---|
Client ID | Use the |
Client Protocol | Set it to |
Client Saml Endpoint | This is the Lenses API point for Keycloak to call back. Set it to |
Change the settings on the client you just created to:
Setting | Value |
---|---|
Name | |
Description | (Optional) Add a description to your app. |
SAML Signature Name | |
Client Signature Required | |
Force POST Binding | |
Front Channel Logout | |
Force Name ID Format | |
Name ID Format | |
Root URL | Use the |
Valid Redirect URIs | Use the |
Map user groups
Configure Keycloak to communicate groups to Lenses. Head to the Mappers section.
Click Create
Fill in the details: see the table below.
Click Save
Setting | Value |
---|---|
Name | |
Mapper Type | |
Group attribute name | |
Single Group Attribute | |
Full group path | |
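To check that the mapper sends group names that match Lenses groups exactly, inspect a captured assertion offline. The following is an added example, not part of the Lenses or Keycloak documentation. The attribute name `groups`, the sample assertion and every group name other than Engineers are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample of a decoded assertion; "groups" is an assumed attribute name.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="groups">
      <saml:AttributeValue>Engineers</saml:AttributeValue>
      <saml:AttributeValue>analysts</saml:AttributeValue>
      <saml:AttributeValue>/Platform/Ops</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def asserted_groups(assertion_xml, attribute_name):
    """Return the values of one SAML attribute from a locally captured assertion.

    Diagnostic use only: no signature or condition checks are performed here.
    """
    root = ET.fromstring(assertion_xml)
    xpath = ".//saml:Attribute[@Name='%s']/saml:AttributeValue" % attribute_name
    return [(v.text or "").strip() for v in root.findall(xpath, SAML_NS)]

def classify(asserted, lenses_groups):
    """Compare asserted names with Lenses group names using exact, case-sensitive equality."""
    by_lower = {g.lower(): g for g in lenses_groups}
    report = {}
    for name in asserted:
        leaf = name.rsplit("/", 1)[-1]
        if name in lenses_groups:
            report[name] = "match"
        elif name.lower() in by_lower:
            report[name] = "case mismatch with " + by_lower[name.lower()]
        elif "/" in name and leaf in lenses_groups:
            # Keycloak's full group path form, e.g. "/parent/child"
            report[name] = "full path sent, Lenses group is " + leaf
        else:
            report[name] = "no Lenses group"
    return report

if __name__ == "__main__":
    lenses = {"Engineers", "Analysts", "Ops"}  # hypothetical Lenses group names
    for group, status in classify(asserted_groups(SAMPLE_ASSERTION, "groups"), lenses).items():
        print(f"{group}: {status}")
```

Any result other than `match` means the user would not pick up that group's permissions under exact name comparison, so correct the group name or the mapper settings before rollout.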
Download IdP XML file
Configure in the security.conf file.