IDP Brokering from Keycloak to Google, using SAML from #greptail

GrepTail
3 min read · Feb 23, 2022

How to use Keycloak as a SAML IDP broker for authenticating with a Google account.

Step 1

Create a SAML app in Google Workspace; refer to the snapshot below for the required details.

The ACS URL would be https://your.keycloak.com/auth/realms/{realm-name-configured-in-step-2}/saml/endpoint

The Entity ID would be
https://your.keycloak.com/auth/realms/{realm-name-configured-in-step-2}

Download the metadata and save it to your local drive.

After configuration, please keep the service status “ON” for everyone.

Step 2

Create a realm named “Google” in Keycloak; refer to the image below.

The final realm should look like this.

Step 3

Create a SAML identity provider under the realm “Google” (refer to the image below). Name it “saml” and import the metadata downloaded in step 1.

The final SAML configuration should look like this.

Step 4

Check out the demo of the IDP broker from here.

Step 5

Create a client under the same realm “Google”; let's call it “google-client”. For the configuration please refer to the images below.

Go to the SAML Keys tab of the client config and click Import; refer to the image below.

For the import, select the JKS file (downloaded in step 4) located at src/main/resources/samlKeystore.jks and click OK.

The Keycloak configuration is complete at this point.

Step 6

Start the Spring Boot application downloaded in step 4.

Open a browser and type “http://localhost:8080” in the address bar; the page below will appear. Click Get Started.

Select the identity provider, which is your Keycloak server URL, and click “start third party login”.

Click on SAML; it will redirect to the Google page. Enter your Google credentials.

On successful authentication it will redirect you to the landing page.

This is it!

Hope you enjoyed the article.

Thanks
#greptail
Together we can solve

Reference

https://blog.codecentric.de/en/2019/03/secure-spring-boot-app-saml-keycloak/
