Migrating custom SAML provider to Keycloak


We have multiple clients able to log in to our in-house service for SSO using SAML IdP. We would like to switch from our in-house SSO service to Keycloak as seamlessly as possible.

I’m able to import users and add new SAML Identity Providers in Keycloak. The tricky part has been trying to make it so our clients can continue logging in without changing the configuration on their end. Is that possible? Some other way of allowing the old system to authenticate to Keycloak?

The clients currently click a link e.g. https://auth.example.com/saml-abc – we have control over the domain and could point it to Keycloak – but that’s not the URL pattern Keycloak uses. Can the old system redirect or proxy to the new Keycloak URL?

Thanks for any help

I would say that’s not a problem. Use reverse proxy in front of Keycloak and make 301 redirect there from old URL pattern to Keycloak URL pattern.

Thank you, I’ll get that set up and give it a try.