Configuring SAML with Keycloak

Step 1: Create a New Client in Keycloak

  1. Log in to your Keycloak admin console.
  2. Navigate to the Clients section and click Create.
  3. In the Client ID field, enter the Metadata URL from the DocuSeal SAML SSO page. Keycloak matches this value against the Issuer of the AuthnRequests DocuSeal sends, so copy it exactly.
  4. In the Home URL field, enter the Single Sign On URL from the DocuSeal SAML SSO page.
  5. In the Valid Redirect URIs field, enter your DocuSeal URL with a wildcard, such as:
http://your-domain/*
Keycloak matches redirect URIs as prefixes and posts the signed SAML response to the matching URI, so use https:// for anything beyond a local test and keep the wildcard no broader than your DocuSeal host.

Create a new SAML client in Keycloak

Step 2: Configure Client Settings

  1. In the newly created client settings, set the Name ID Format to email. DocuSeal identifies the signed-in user by the email address carried in the SAML NameID.

Configure SAML client settings in Keycloak

  2. Disable the Client Signature Required option in the Client > Keys section. This only switches off Keycloak's check for a signature on the AuthnRequest that DocuSeal sends; the SAML responses Keycloak returns are still signed with the realm key, and DocuSeal verifies them with the certificate you configure in Step 4.

Client Signature Required in Keycloak
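The same client can be created without clicking through the console. The following is an added example, not DocuSeal's or Keycloak's own code: it builds the client representation that Keycloak's admin REST API and realm import accept, mapping the console toggles of Steps 1 and 2 to the attribute keys Keycloak stores them under, and it checks the redirect URIs before you submit them. The DocuSeal URLs are placeholders; use the ones your instance shows on its SAML SSO page.

```python
import json
from urllib.parse import urlparse

# Placeholders for the two URLs shown on the DocuSeal SAML SSO page
# (assumed paths, not DocuSeal's real ones).
SP_METADATA_URL = "https://docuseal.example.com/saml/metadata"
SP_SSO_URL = "https://docuseal.example.com/saml/sso"


def check_redirect_uris(uris):
    """Inspect 'Valid Redirect URIs' entries before handing them to Keycloak.

    Keycloak treats a trailing '*' as a prefix wildcard and POSTs the signed
    SAML response to the matching URI, so the scheme and the breadth matter.
    Returns {"errors": [...], "warnings": [...]}.
    """
    errors, warnings = [], []
    for uri in uris:
        parsed = urlparse(uri)
        if parsed.scheme != "https":
            errors.append(f"{uri}: not https, the SAML response (carrying the user's email) "
                          "would travel in clear text")
        if "*" in parsed.netloc:
            errors.append(f"{uri}: wildcard in the host part lets another host receive the response")
        if parsed.path in ("", "*", "/*"):
            warnings.append(f"{uri}: wildcard covers every path on the host; "
                            "prefer the DocuSeal SSO path followed by '*'")
    return {"errors": errors, "warnings": warnings}


def keycloak_saml_client(sp_metadata_url, sp_sso_url, redirect_uris):
    """Build the client representation for Steps 1 and 2.

    The shape is what POST /admin/realms/{realm}/clients and a realm import
    accept. Hard problems with the redirect URIs raise; breadth warnings are
    left to check_redirect_uris().
    """
    findings = check_redirect_uris(redirect_uris)
    if findings["errors"]:
        raise ValueError("; ".join(findings["errors"]))
    return {
        "clientId": sp_metadata_url,  # Client ID = DocuSeal's SP entity ID (its metadata URL)
        "protocol": "saml",
        "enabled": True,
        "baseUrl": sp_sso_url,        # "Home URL" in the admin console
        "redirectUris": list(redirect_uris),
        "attributes": {
            # Name ID Format = email (Step 2.1): the NameID carries the user's email
            "saml_name_id_format": "email",
            # Client Signature Required = off (Step 2.2): Keycloak stops requiring
            # DocuSeal to sign its AuthnRequests ...
            "saml.client.signature": "false",
            # ... but keeps signing what it sends back, which DocuSeal verifies
            # with the realm certificate from Step 4.
            "saml.server.signature": "true",
            "saml.assertion.signature": "true",
        },
    }


if __name__ == "__main__":
    rep = keycloak_saml_client(SP_METADATA_URL, SP_SSO_URL, ["https://docuseal.example.com/saml/*"])
    print(json.dumps(rep, indent=2))
    print(check_redirect_uris(["http://your-domain/*"]))
```

Run it once to see the JSON, then feed it to `kcadm.sh create clients -r <realm> -f client.json` or to the REST endpoint; the page's own `http://your-domain/*` example is rejected by the builder because of its scheme and flagged for its breadth.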

Step 3: Retrieve SAML XML Metadata

  1. Go to your Realm Settings and open the SAML XML Metadata.

XML Metadata in Keycloak

  2. Copy the realm's SAML endpoint URL (the Location attribute of the SingleSignOnService entries in the XML) and save it in the DocuSeal SSO Service URL form field. It will look something like this:
https://your-domain-keycloak.com/realms/Realm-Name/protocol/sam

DocuSeal SSO Service URL

Step 4: Retrieve and Configure the Certificate

  1. Go to your Realm Settings and navigate to the Keys section.
  2. Copy the certificate of the realm's active RSA signing key (the Certificate button next to it) and save it in the DocuSeal application SAML form. This is a public certificate, not a secret: DocuSeal uses it to verify the signature on the assertions Keycloak issues. If you later rotate the realm key, update the certificate in DocuSeal too, or logins will fail signature validation.

Retrieve and configure the certificate in Keycloak

Because the Name ID Format is email, Keycloak identifies each user to DocuSeal by email address. Make sure every DocuSeal user's email address matches the email on the corresponding Keycloak account exactly; otherwise SAML SSO will not map the login to the right account.