Hello Fam,
I am a Junior Network Engineer trying to achieve SSO at least for SAML applications.
I have freeIPA as my IdM and Keycloak as my IdP.
Configuration-wise, on the Keycloak side I am not sure if everything is correct.
My test application is Cisco FMC.
Would someone be kind enough to sync with me so we can go through the setup together and check what the missing step is?
Best regards,
Chris
If possible, if you’re just starting to work with IAM, I recommend starting with OIDC/OAuth as the federation standard for enabling SSO between applications. It’s going to be easier for you compared to SAML, which can be a bit tricky in some cases.
For the Keycloak deployment, just start with the Docker deployment [1]. The first step is to understand the open standards and how they work. After that, the configuration is pretty much the same across any Identity Provider.
One common point that people often miss when talking about SSO: it’s all about the IdP’s cookie. Period. There’s no magic here. If you have a valid cookie/session in the IdP and two applications are integrated with the same realm, you will have SSO.
If, for some reason, SAML is your only option for federation, my recommendation is to start simple: just a signed SAML response from the IdP. Then you can move on to configuring additional options if needed, such as signed SAML requests or encrypted SAML responses.
[1] Docker - Keycloak
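As an added illustration of the "start simple: a signed SAML response" advice above (not code from the thread or from Keycloak), here is a small SP-side structural check in Python. It reports whether the Response or the Assertion carries an XML signature, whether the Assertion is encrypted, and whether Issuer and Audience match what the SP expects; the sample response and all hostnames/entity IDs are constructed placeholders, and the check does not verify the signature cryptographically.

```python
# Added illustration, not code from the thread: structural check of a SAML 2.0
# Response on the SP side. Reports signing/encryption and Issuer/Audience match;
# it does NOT verify the signature cryptographically (use xmlsec/python3-saml).
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: Assertion signed, Response not signed, nothing encrypted.
# Hostnames and entity IDs are placeholders, not values from the thread.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Issuer>https://idp.example.test/realms/demo</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://idp.example.test/realms/demo</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo/></ds:Signature>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://fmc.example.test/saml/sp</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def inspect_saml_response(xml_text, expected_issuer, expected_audience):
    """Return a dict of findings an SP admin would check before trusting the response."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    f = {"issuer_ok": False, "audience_ok": False, "assertion_signed": False}
    # A ds:Signature directly under the Response covers the whole message.
    f["response_signed"] = root.find("ds:Signature", NS) is not None
    f["assertion_encrypted"] = root.find("saml:EncryptedAssertion", NS) is not None
    assertion = root.find("saml:Assertion", NS)
    if assertion is not None:
        # A ds:Signature under the Assertion covers only the assertion.
        f["assertion_signed"] = assertion.find("ds:Signature", NS) is not None
        issuer = assertion.findtext("saml:Issuer", namespaces=NS)
        audience = assertion.findtext(
            "saml:Conditions/saml:AudienceRestriction/saml:Audience", namespaces=NS)
        f["issuer_ok"] = issuer == expected_issuer
        f["audience_ok"] = audience == expected_audience
    # The "start simple" baseline from the reply: at least one signature present.
    f["signed"] = f["response_signed"] or f["assertion_signed"]
    return f
```

Run it against a real Keycloak response (base64-decoded from the SAMLResponse form field) with your realm's issuer and the FMC entity ID to see which of the baseline pieces is missing.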