Creating/Importing/Cloning a new SAML client via the provisioning API?

Hey there,

Our realm is slowly migrating from a pure Kerberos solution with things like mod_auth_kerb to using Keycloak to get a single-sign-on answer that also includes 2FA. We’ve discovered that SAML works for most things we’re doing (including some of our outside tools like our HR portal, our OpenVPN access server, and Apache’s mod_auth_mellon).

The Keycloak docs do what seems like an unfair comparison between SAML and OIDC here, but my experience is that SAML is just more available.

Anyway, I’d like to create a new client, and set fields via the provisioning API. Many of my sites are secured using the same mod_auth_mellon configuration, and as pointed out in another thread, I know everything that Keycloak needs set, without having to import an XML file.

So:

  1. Can Keycloak “import” a client via the provisioning API?

  2. Can Keycloak create a client and set client-specific fields via the provisioning API?

  3. Is there an easy way under the hood to “clone” a client?

  1. Seems like no. The API docs list nothing specific about creating a SAML versus OIDC client, there’s just a large block of attributes that are not documented.

I would advise you to create the client with the admin UI and see what calls are being made, and then do the same in your script.
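
Added example, not part of the thread: one way to do the "clone" from question 3 on the client side, following the advice above to replay what the admin UI sends. It assumes the Admin REST API's `POST /admin/realms/{realm}/clients` with a client JSON body; the hostnames, certificate placeholders and function names are hypothetical, and the attribute keys in the sample should be checked against your own export.

```python
import json
from urllib.request import Request

# Constructed sample: trimmed JSON of an existing mod_auth_mellon client, as the
# admin UI fetches it (GET /admin/realms/{realm}/clients/{id}). Values are made up.
TEMPLATE = {
    "id": "00000000-0000-0000-0000-000000000000",
    "clientId": "https://site-a.example.org/mellon/metadata",
    "protocol": "saml",
    "enabled": True,
    "redirectUris": ["https://site-a.example.org/mellon/postResponse"],
    "attributes": {
        "saml.client.signature": "true",
        "saml.signing.certificate": "PLACEHOLDER_SITE_A_CERT",
        "saml_single_logout_service_url_redirect":
            "https://site-a.example.org/mellon/logout",
    },
}

def _rewrite(value, old, new):
    """Replace the template hostname in every string, at any nesting depth."""
    if isinstance(value, str):
        return value.replace(old, new)
    if isinstance(value, list):
        return [_rewrite(v, old, new) for v in value]
    if isinstance(value, dict):
        return {k: _rewrite(v, old, new) for k, v in value.items()}
    return value

def clone_client(template, old_host, new_host, signing_cert):
    """Return a new client body for new_host; the template is not modified."""
    if template.get("protocol") != "saml":
        raise ValueError("template is not a SAML client")
    body = _rewrite(template, old_host, new_host)
    body.pop("id", None)  # server-assigned; must not be copied to the new client
    # Each site has its own key pair, so never carry over the template's cert.
    body.setdefault("attributes", {})["saml.signing.certificate"] = signing_cert
    for uri in body.get("redirectUris", []):
        if "*" in uri or not uri.startswith(f"https://{new_host}/"):
            raise ValueError(f"refusing broad or foreign redirect URI: {uri}")
    return body

def create_request(base_url, realm, token, body):
    """Build (but do not send) the POST that creates the client."""
    return Request(f"{base_url}/admin/realms/{realm}/clients",
                   data=json.dumps(body).encode(), method="POST",
                   headers={"Authorization": f"Bearer {token}",
                            "Content-Type": "application/json"})
```

Older Keycloak distributions serve the admin API under an `/auth` prefix, so include it in `base_url` there; the returned request can be sent with `urllib.request.urlopen`.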