Using KeyCloak for SAML authentication on NetApp ONTAP

I am no expert in SAML, but I am trying to set up our storage system to use KeyCloak to authenticate against. The process is described in this link, “Configuring SAML authentication in ONTAP System Manager for 9.8 and newer - NetApp Knowledge Base”, and we have gotten as far as installing KeyCloak behind our Traefik, and it seems to work OK with other applications like Portainer etc. But NetApp uses SAML, and their documentation points towards Microsoft’s IdP etc. We have ended up where the storage system generates a host.xml file that is supposed to be imported into the IdP, which we cannot see where to do in KeyCloak… so can anyone tell us if this is even possible? NetApp states that as long as the IdP follows the SAML 2.0 standard it should be able to work.

So, NetApp is the Service Provider and Keycloak is the Identity Provider?

If that is the case:
Keycloak setup:

  • Add the XML file as a client: go to Clients, then “Import client”, and select the XML file.
  • Export the IdP metadata under Realm settings; there is a SAML metadata link, [SAML 2.0 Identity Provider Metadata], that you need to import into your NetApp as the IdP setup.

NetApp setup:

  • Use the SAML metadata exported from the IdP (Keycloak) and create a new Identity Provider with the XML from Keycloak.
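The two imports above are easy to get slightly wrong (unsigned assertions accepted, an ACS or SSO endpoint that is plain http, a client that cannot verify ONTAP's signed requests), and the UI only tells you afterwards. The script below is an added example, not code from this thread, from NetApp or from Keycloak: it parses a constructed sample of ONTAP's host.xml (SP metadata) and of Keycloak's realm IdP descriptor, builds the SAML client representation that "Import client" would create, and cross-checks the two files before you touch either product. The hostnames `ontap.example.internal` and `keycloak.example.internal`, the realm name `storage` and the certificate bodies are placeholders (assumptions), not values from the page.

```python
"""Offline check of the two metadata files before the two imports above: ONTAP's
host.xml (SP) into Keycloak, and Keycloak's realm IdP descriptor into ONTAP.
Added example; not code from the thread, NetApp or Keycloak."""
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
NAME_ID_SHORT = {  # Keycloak's short names for the NameID formats its SAML clients support
    "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified": "username",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress": "email",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent": "persistent",
    "urn:oasis:names:tc:SAML:2.0:nameid-format:transient": "transient",
}

# Constructed samples (assumption): hostnames, realm and certificate bodies are
# placeholders; the element layout is standard SAML 2.0 metadata as both products emit it.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://ontap.example.internal/saml-sp">
 <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
  protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>PLACEHOLDER-SP-CERT-BASE64</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
  <md:AssertionConsumerService index="0" isDefault="true" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
   Location="https://ontap.example.internal/saml-sp/SAML2/POST"/>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://keycloak.example.internal/realms/storage">
 <md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>PLACEHOLDER-IDP-CERT-BASE64</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
   Location="https://keycloak.example.internal/realms/storage/protocol/saml"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def _text(el):
    return el.text.strip() if el is not None and el.text else None

def parse_sp_metadata(xml_text):
    """Pull out of host.xml the fields Keycloak's client import actually consumes."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    acs = sp.find("md:AssertionConsumerService[@isDefault='true']", NS)
    if acs is None:  # no default flagged: take the first endpoint listed
        acs = sp.find("md:AssertionConsumerService", NS)
    return {"entity_id": root.get("entityID"),
            "acs_url": acs.get("Location"), "acs_binding": acs.get("Binding"),
            "want_assertions_signed": sp.get("WantAssertionsSigned") == "true",
            "authn_requests_signed": sp.get("AuthnRequestsSigned") == "true",
            "name_id_format": _text(sp.find("md:NameIDFormat", NS)),
            "signing_cert": _text(sp.find("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS))}

def keycloak_client_representation(sp):
    """The SAML client that 'Import client' creates from host.xml, in the
    ClientRepresentation shape the admin REST API and kcadm.sh accept."""
    attrs = {"saml_assertion_consumer_url_post": sp["acs_url"],
             "saml.assertion.signature": str(sp["want_assertions_signed"]).lower(),
             "saml.client.signature": str(sp["authn_requests_signed"]).lower(),
             "saml.server.signature": "true",  # Keycloak signs the response ONTAP verifies
             "saml_name_id_format": NAME_ID_SHORT.get(sp["name_id_format"], "username")}
    if sp["signing_cert"]:  # lets Keycloak verify ONTAP's signed AuthnRequests
        attrs["saml.signing.certificate"] = sp["signing_cert"]
    return {"clientId": sp["entity_id"], "protocol": "saml", "enabled": True,
            "redirectUris": [sp["acs_url"]], "attributes": attrs}

def parse_idp_metadata(xml_text):
    """Pull out of the realm descriptor what ONTAP needs: SSO endpoints and signing cert."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    return {"entity_id": root.get("entityID"),
            "sso": {s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)},
            "want_authn_requests_signed": idp.get("WantAuthnRequestsSigned") == "true",
            "signing_cert": _text(idp.find(
                "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS))}

def check_pairing(sp, idp):
    """Problems that would make the exchange fail or silently weaken it; [] means consistent."""
    problems = []
    endpoints = [("SP AssertionConsumerService", sp["acs_url"])]
    endpoints += [(f"IdP SingleSignOnService ({b.rsplit(':', 1)[-1]})", u) for b, u in idp["sso"].items()]
    problems += [f"{name} is not https: {url}" for name, url in endpoints if not url.startswith("https://")]
    if POST not in idp["sso"]:
        problems.append("IdP offers no HTTP-POST SSO endpoint")
    if sp["acs_binding"] != POST:
        problems.append(f"SP ACS binding is {sp['acs_binding']}, not HTTP-POST")
    if sp["want_assertions_signed"] and not idp["signing_cert"]:
        problems.append("SP wants signed assertions but IdP metadata has no signing certificate")
    if idp["want_authn_requests_signed"] and not sp["signing_cert"]:
        problems.append("IdP wants signed AuthnRequests but SP metadata has no signing certificate")
    return problems

if __name__ == "__main__":
    sp, idp = parse_sp_metadata(SP_METADATA), parse_idp_metadata(IDP_METADATA)
    print("Keycloak client to create:", keycloak_client_representation(sp))
    print("IdP HTTP-POST SSO endpoint for ONTAP:", idp["sso"].get(POST))
    print("problems:", check_pairing(sp, idp) or "none")
```

To run it against real files, replace the two constants with the contents of host.xml and of the realm descriptor; the [SAML 2.0 Identity Provider Metadata] link under Realm settings is Keycloak's `/realms/<realm>/protocol/saml/descriptor` URL, so the second file can also be fetched with curl. If you script the Keycloak side instead of using the UI, the admin REST API's `client-description-converter` endpoint turns host.xml into the same representation the UI import produces, and the result can be created with `kcadm.sh create clients -r <realm> -f client.json`. The check that matters most is the last two lines of `check_pairing`: if either side demands signatures and the other side's metadata carries no certificate, the login will fail, or worse, someone will "fix" it by switching signature checking off.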