Migrating custom SAML provider to Keycloak

zopen · March 1, 2022, 4:22pm

Hello,

We have multiple clients able to log in to our in-house service for SSO using SAML IdP. We would like to switch from our in-house SSO service to Keycloak as seamlessly as possible.

I’m able to import users and add new SAML Identity Providers in Keycloak. The tricky part has been trying to make it so our clients can continue logging in without changing the configuration on their end. Is that possible? Some other way of allowing the old system to authenticate to Keycloak?

The clients currently click a link e.g. https://auth.example.com/saml-abc – we have control over the domain and could point it to Keycloak – but that’s not the URL pattern Keycloak uses. Can the old system redirect or proxy to the new Keycloak URL?

Thanks for any help

jangaraj · March 1, 2022, 7:07pm

I would say that’s not a problem. Use reverse proxy in front of Keycloak and make 301 redirect there from old URL pattern to Keycloak URL pattern.

zopen · March 1, 2022, 8:44pm

Thank you, I’ll get that set up and give it a try.

phamann · January 13, 2023, 10:38pm

Hey @zopen I’m trying to achieve the same type of SAML migration you discussed in this thread, and was wondering if you were successful? And if so what you did to achieve this? Was redirecting the POST binding request sufficient?

Topic		Replies	Views
Keycloak SAML authentication redirection Configuring the server saml	10	11098	December 15, 2021
Keycloak behind Reverse Proxy - SAML response Getting advice saml	0	564	August 18, 2022
SAML brokering: Authenticate without using Keycloak UI Getting advice identity-brokering , saml	2	742	May 30, 2023
Having issues getting SAML auth to redirect to page Getting advice saml	4	975	March 29, 2023
Keycloak saml redirection issue for https Getting advice authentication , saml	1	815	February 5, 2024

Migrating custom SAML provider to Keycloak

Related topics