Hello,
First of all, many thanks for your reply.
The steps we followed were:
Create the client in Keycloak; its configuration is pasted here (the organisation name, client name, signing certificate and private key are replaced with placeholders):
{
"clientId": "https://github.com/orgs/OUR_ORG",
"name": "GitHub EITS-LH",
"adminUrl": "",
"baseUrl": "/auth/realms/LafargeHolcim/protocol/saml/clients/CLIENt_NAME",
"surrogateAuthRequired": false,
"enabled": true,
"alwaysDisplayInConsole": false,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"https://github.com/"
],
"webOrigins": [],
"notBefore": 0,
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": true,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": false,
"serviceAccountsEnabled": false,
"publicClient": false,
"frontchannelLogout": true,
"protocol": "saml",
"attributes": {
"saml.assertion.signature": "true",
"saml_idp_initiated_sso_relay_state": "https://github.com/orgs/OUR_ORG/saml/consume",
"saml_assertion_consumer_url_redirect": "",
"saml.force.post.binding": "true",
"saml.multivalued.roles": "false",
"saml.encrypt": "false",
"login_theme": "base",
"saml_assertion_consumer_url_post": "https://github.com/orgs/OUR_ORG/saml/consume",
"saml.server.signature": "true",
"saml_idp_initiated_sso_url_name": "CLIENT_NAME",
"saml.server.signature.keyinfo.ext": "false",
"exclude.session.state.from.auth.response": "false",
"saml.signing.certificate": "OUR_CERT",
"saml.signature.algorithm": "RSA_SHA256",
"saml_force_name_id_format": "false",
"saml.client.signature": "false",
"tls.client.certificate.bound.access.tokens": "false",
"saml.authnstatement": "true",
"display.on.consent.screen": "false",
"saml.signing.private.key": "OUR_PK",
"saml_name_id_format": "username",
"saml.onetimeuse.condition": "false",
"saml_signature_canonicalization_method": "http://www.w3.org/2001/10/xml-exc-c14n#"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": true,
"nodeReRegistrationTimeout": -1,
"defaultClientScopes": [
"web-origins",
"profile",
"roles",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
],
"access": {
"view": true,
"configure": true,
"manage": true
}
}
And then, in GitHub, we set the certificate and the Keycloak entity; nothing too special.
Thank you!