Enabling Keycloak as SAML Auth provider for Connections

Single sign-on is accomplished by setting up a trust relationship between the Connections server and Keycloak using the IBM WebSphere SAML Assertion Consumer Service (ACS). (SAML ACS TAI).

For background on SAML (OpenID Connect), you can see these topics in the IBM documentation for WebSphere Application Server:

• SAML web single sign-on
• Configuring an SAML ACS TAI

Enabling Keycloak as an SAML auth Provider for Connections, involves completing 2 major steps:

• Configuring Keycloak as an SAML Provider for Connections

• Updating WebSphere to support Keycloak SAML Authentication for Connections

  Note

  You will use values from the Keycloak configuration when configuring the WebSphere TAI and other WebSphere Global Security configurations.

• Configuring Keycloak as SAML auth Provider for Connections
  Configuring Keycloak as the SAML Auth provider for Connections involves a set of configurations that need to be carried out.

• Updating WebSphere to support Keycloak SAML Authentication for Connections Single sign-on is accomplished by setting up a trust relationship between the Connections server and Keycloak using the WebSphere SAML Asserstion Consuler Service Trust Association Interceptor (SAML ACS TAI).

Parent topic: Configuring single sign-on