Keycloak API not exposing all settings for SAML Clients

I am currently trying to configure SSO for a client via SAML 2.0 and the way i have to do it is by sending HTTP Requests to the Keycloak Rest API Server. I am facing some difficulties finding the right parameters to set, specifically for these 2 settings:

Sign Assertions is false by default and i need to toggle it to true.
Client Signature Required is true in my configuration and i need to toggle it to false.

The parameters i am currently sending to the Keycloak API are:

enabled: true
clientId: "{{ client_id }}"
name: "{{ client_name }}"
description: "{{ client_description }}"
protocol: "saml"
frontchannelLogout: true
consentRequired: false
baseUrl: "https://{{ app_name }}.{{ domain }}/"
rootUrl: "https://{{ app_name }}.{{ domain }}/"
  - "https://{{ app_name }}.{{ domain }}/*"

I am formatting the request itself via Ansible. The formatting is being done correctly, it’s just that i didn’t find those settings documented anywhere. Is it not possible to set those via the API server?


Use the Keycloak console (UI in the browser) and create SAML client there + inspect requests in the browser network console. You will see how correct payload should looks like. You will see how Keycloak client model uses client attributes to save specific SAML configuration ( Sign Assertions, Client Signature Required included). Then just implement the same also in your Ansible request(s).