This page describes configuring Keycloak SSO for Lenses authentication.
SAML configuration is set in HQ's config.yaml file. See here for more details.
Client ID
Use the base.url of the Lenses installation e.g. https://lenses-dev.example.com
Client Protocol
Set it to saml
Client Saml Endpoint
This is the Lenses API point for Keycloak to call back. Set it to [BASE_URL]/api/v2/auth/saml/callback?client_name=SAML2Client. e.g. https://lenses-dev.example.com/api/v2/auth/saml/callback?client_name=SAML2Client
Name
Lenses
Description
(Optional) Add a description to your app.
SAML Signature Name
KEY_ID
Client Signature Required
OFF
Force POST Binding
ON
Front Channel Logout
OFF
Force Name ID Format
ON
Name ID Format
Root URL
Use the base.url of the Lenses installation e.g. https://lenses-dev.example.com
Valid Redirect URIs
Use the base.url of the Lenses installation e.g. https://lenses-dev.example.com
Name
Groups
Mapper Type
Group list
Group attribute name
groups (case-sensitive)
Single Group Attribute
ON
Full group path
OFF