Migrating custom SAML provider to Keycloak

Hello,

We have multiple clients able to log in to our in-house service for SSO using SAML IdP. We would like to switch from our in-house SSO service to Keycloak as seamlessly as possible.

I’m able to import users and add new SAML Identity Providers in Keycloak. The tricky part has been trying to make it so our clients can continue logging in without changing the configuration on their end. Is that possible? Some other way of allowing the old system to authenticate to Keycloak?

The clients currently click a link e.g. https://auth.example.com/saml-abc – we have control over the domain and could point it to Keycloak – but that’s not the URL pattern Keycloak uses. Can the old system redirect or proxy to the new Keycloak URL?

Thanks for any help

I would say that’s not a problem. Use a reverse proxy in front of Keycloak and make a 301 redirect there from the old URL pattern to the Keycloak URL pattern.

Thank you, I’ll get that set up and give it a try.

Hey @zopen, I’m trying to achieve the same type of SAML migration you discussed in this thread, and was wondering if you were successful? And if so, what did you do to achieve this? Was redirecting the POST binding request sufficient?