Joget SSO with Keycloak

Integrating Joget with Keycloak over SAML centralizes authentication for the application development environment instead of leaving each application with its own credential store. Joget is a low-code/no-code rapid application development platform whose plugin architecture allows its functionality to be extended, and integration with external directory services through such plugins is one of Joget's key features.

SSO (Single Sign-On) delegates authentication to an external identity provider, which is particularly beneficial for organizations running multiple applications. With SSO, end users do not need a separate password for every platform, and credentials are entered only at the identity provider rather than at each application, which simplifies the login process and reduces the number of places where passwords are handled.

The source code for this plugin is available from JogetOSS, a community-led team dedicated to open-source software development for the Joget low-code/no-code application platform. Projects under JogetOSS are community-driven and community-supported, and users are encouraged to contribute.

Keycloak is an open-source identity and access management server. It can federate users from multiple directory services (for example LDAP or Active Directory) and acts as a SAML and OpenID Connect identity provider, which is the role it plays in this integration: Joget is the SAML service provider and Keycloak is the identity provider that authenticates the user and issues the signed assertion.

Follow these steps to establish a secure Single Sign-On (SSO) environment:

  1. Download and install the plugin from the Joget Marketplace.
  2. Open Joget.
  3. Go to Settings > General Settings.
  4. Under API IP Whitelist, add the source IP addresses (or ranges) that are allowed to call the SAML API. The SAML response is posted to this URL from the end user's browser, not from the Keycloak server, so the whitelist must cover the addresses your users actually arrive from (for example the egress address of the corporate proxy or NAT), otherwise the login will be rejected at the Joget side.
  5. Go to Settings > Directory Manager Settings.
  6. Under Select Plugin, choose SAML Directory Manager - 6.0.1.
  7. Click Select. The SAML Directory Configuration setting screen will open.
  8. Copy the SAML API URL. This is required to create the client in Keycloak: it is used as the Client ID and as the SAML processing URL in step 18.
  9. Open your Keycloak admin console.
  10. Go to Realm Settings > Keys tab.
  11. In the row for the active RS256 (RSA) signing key, click Certificate.
  12. Copy the certificate. This is the certificate Joget will use to verify the signature on assertions issued by this realm, so make sure it is the realm's active signing key and not a disabled or passive one.
  13. Return to the SAML Directory Configuration setting screen of step 7.
  14. Paste the certificate in the IDP Certificate field.
  15. Click Submit.
  16. Open your Keycloak admin console.
  17. Go to Clients > Create.

  18. Configure the fields in the following way:
    • Client ID: the SAML API URL copied in step 8 (this is the service provider entity ID that Joget sends and that Keycloak puts in the Audience of the assertion, so it must match exactly)
    • Name: optional
    • Description: optional
    • Enabled: ON
    • Consent Required: OFF
    • Login Theme: optional
    • Client Protocol: SAML
    • Include AuthnStatement: ON
    • Include OneTimeUse Condition: OFF
    • Sign Documents: OFF
    • Sign Assertions: ON
    • Signature Algorithm: RSA_SHA256
    • SAML Signature Key Name: CERT_SUBJECT
    • Canonicalization Method: EXCLUSIVE
    • Encrypt Assertions: OFF
    • Client Signature Required: OFF
    • Force POST Binding: OFF
    • Front Channel Logout: OFF
    • Force Name ID Format: ON
    • Name ID Format: username
    • Root URL: empty
    • Valid Redirect URIs: https://joget-Server-URL/jw (your Joget base URL)
    • Base URL: empty
    • Master SAML Processing URL: the SAML API URL copied in step 8
    • IDP Initiated SSO URL Name: the SAML API URL copied in step 8

    A few of these values have security consequences worth understanding. With Sign Documents OFF and Sign Assertions ON, the integrity of the login rests on the signature over the assertion, which Joget verifies with the IDP Certificate pasted in step 14; if that certificate is wrong or stale, every login fails, and if it is ever replaced by an attacker-controlled one, any forged assertion would be accepted. Encrypt Assertions OFF means the user's username, name and email travel in cleartext inside the browser's POST, so both Joget and Keycloak must be served over HTTPS only. Client Signature Required OFF means Keycloak does not check a signature on the authentication requests coming from Joget, so the Valid Redirect URIs entry is the only thing preventing a crafted request from sending the assertion elsewhere; keep it to the exact Joget base URL and do not use wildcards.
  19. Click Save.
  20. Open the Mappers tab of the client configuration.
  21. Click Add Builtin and add the X500 mappers.
  22. Set the SAML Attribute Name of each mapper to the name Joget expects for that value. Use the configuration below:
    • X500 surname: User.LastName
    • X500 givenName: User.FirstName
    • X500 email: email
  23. To make it easier for users to reach the Keycloak login page, you can add a link on the Joget login screen that opens the Keycloak authentication page.

    Open the App Center in the Userview Builder > Settings > Login Page UI, and add the Custom HTML under the login form.
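The settings above determine what the SAML response that Keycloak posts to the SAML API URL has to look like. The following Python script is an added example, not part of the Joget plugin or of Keycloak: it decodes a SAMLResponse form field and checks it against those settings (the assertion must be signed with RSA_SHA256 and exclusive canonicalization, not encrypted, carry Keycloak's "username" NameID format, name the Client ID as its Audience, be addressed to the SAML API URL, be within its validity window, and carry the three mapper attributes from step 22). It does not verify the signature cryptographically; that is the plugin's job, using the IDP Certificate. The hostnames joget.example.com and keycloak.example.com, the path /jw/saml-api standing in for the real SAML API URL, and the embedded response are constructed stand-ins, not values from this page.

```python
"""Structural inspector for the SAMLResponse that Keycloak POSTs to Joget's SAML
API URL under the client settings above. Added example, not Joget or Keycloak
code: it checks shape and policy only and does NOT verify the XML signature."""
import base64
import datetime as dt
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
# Keycloak's "username" Name ID Format is the SAML 1.1 "unspecified" URI.
NAMEID_USERNAME = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
REQUIRED_ATTRS = ("User.FirstName", "User.LastName", "email")  # step 22 mapper names
# Assumed stand-ins for the SAML API URL copied in step 8 and for the Keycloak realm.
SAMPLE_SP_ENTITY_ID = "https://joget.example.com/jw/saml-api"
SAMPLE_IDP = "https://keycloak.example.com/realms/joget"
FROZEN_NOW = dt.datetime(2024, 12, 13, 10, 1, tzinfo=dt.timezone.utc)


def _ts(value):
    # SAML timestamps are UTC; Keycloak may include fractional seconds.
    return dt.datetime.fromisoformat(value.rstrip("Z")).replace(tzinfo=dt.timezone.utc)


def inspect_saml_response(saml_response_b64, sp_entity_id, acs_url,
                          now=None, skew=dt.timedelta(minutes=3)):
    """Return a list of mismatches (empty means OK). sp_entity_id is the Client ID
    and acs_url the Master SAML Processing URL; both are the SAML API URL here."""
    problems = []
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != f"{{{NS['samlp']}}}Response":
        return [f"root element is {root.tag}, not samlp:Response"]
    if root.get("Destination") != acs_url:
        problems.append(f"Destination {root.get('Destination')!r} is not the ACS URL")
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        problems.append("StatusCode is not Success")
    if root.find("saml:EncryptedAssertion", NS) is not None:
        problems.append("assertion is encrypted although Encrypt Assertions is OFF")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no plaintext saml:Assertion in response"]
    # Sign Assertions ON: the assertion carries its own enveloped ds:Signature
    # with the configured signature algorithm and canonicalization method.
    sig = assertion.find("ds:Signature", NS)
    if sig is None:
        problems.append("assertion is not signed (Sign Assertions must be ON)")
    else:
        sm = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        cm = sig.find("ds:SignedInfo/ds:CanonicalizationMethod", NS)
        if sm is None or sm.get("Algorithm") != RSA_SHA256:
            problems.append("signature algorithm is not RSA_SHA256")
        if cm is None or cm.get("Algorithm") != EXC_C14N:
            problems.append("canonicalization method is not EXCLUSIVE")
    nameid = assertion.find("saml:Subject/saml:NameID", NS)
    if nameid is None or nameid.get("Format") != NAMEID_USERNAME:
        problems.append("NameID Format is not Keycloak's 'username' (unspecified)")
    now = now or dt.datetime.now(dt.timezone.utc)
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        problems.append("assertion has no Conditions")
    else:
        na = cond.get("NotOnOrAfter")
        if na and now - skew >= _ts(na):
            problems.append("assertion expired (NotOnOrAfter)")
        audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if sp_entity_id not in audiences:
            problems.append(f"Audience {audiences} does not contain the Client ID")
    present = {a.get("Name") for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    problems += [f"mapper attribute {n!r} missing" for n in REQUIRED_ATTRS if n not in present]
    return problems


def sample_response(signed=True, audience=SAMPLE_SP_ENTITY_ID, not_on_or_after="2024-12-13T10:05:00Z"):
    """Constructed sample in the shape Keycloak emits for the settings above;
    the ds:Signature carries the right algorithms but a placeholder value."""
    sig = (f'<ds:Signature xmlns:ds="{NS["ds"]}"><ds:SignedInfo>'
           f'<ds:CanonicalizationMethod Algorithm="{EXC_C14N}"/>'
           f'<ds:SignatureMethod Algorithm="{RSA_SHA256}"/></ds:SignedInfo>'
           '<ds:SignatureValue>placeholder</ds:SignatureValue></ds:Signature>') if signed else ""
    xml = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" ID="r1"
  Version="2.0" IssueInstant="2024-12-13T10:00:00Z" Destination="{SAMPLE_SP_ENTITY_ID}">
  <saml:Issuer>{SAMPLE_IDP}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="a1" Version="2.0" IssueInstant="2024-12-13T10:00:00Z">
    <saml:Issuer>{SAMPLE_IDP}</saml:Issuer>{sig}
    <saml:Subject><saml:NameID Format="{NAMEID_USERNAME}">alice</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-12-13T09:59:00Z" NotOnOrAfter="{not_on_or_after}">
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AuthnStatement AuthnInstant="2024-12-13T10:00:00Z"/>
    <saml:AttributeStatement>
      <saml:Attribute Name="User.FirstName"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="User.LastName"><saml:AttributeValue>Liddell</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()
```

To use it on a real login, capture the SAMLResponse form field from the browser's developer tools during a failing login and pass it to inspect_saml_response together with the SAML API URL; each returned string names the client setting to revisit. The 3 minute skew allowance covers clock drift between the Keycloak host and the machine running the check; tighten it if the two are NTP-synchronized.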


Created by Marcos. Last modified by Aadrian on Dec 13, 2024.