Your suggested change has been received. Thank you.

Suggest A Change

Thank you! Your suggestion has been submitted.

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

There are some errors in your form.

Your Name This field is required

Your Email This field is required

How can we improve this content? This field is required

SafeNet IDPrime Virtual Integrations with IDPs

All

All

Keycloak with SAS PCE

Add OIDC Client on Keycloak Server

Thales
SafeNet Trusted Access
- SafeNet Trusted Access Configuration
- SafeNet IDPrime Virtual Setup
- Verify Integration
Keycloak with SAS PCE
- Overview
- Install Safenet Agent for Keycloak
- Realm Configuration
- Configure SafeNet Authentication Flows
- Add OIDC Client on Keycloak Server
- Keycloak User Federation
- Set up the SAS PCE LDAP
- SafeNet IDPrime Virtual Setup
- Verify Integration

SafeNet IDPrime Virtual Integrations with IDPs
Thales
Keycloak with SAS PCE
Add OIDC Client on Keycloak Server

Add OIDC Client on Keycloak Server

To Create OIDC Client

Perform the following steps to create the OIDC client for the IDPV server:

In the left pane, select the realm, and select Clients.
In the right pane, click Create and enter a name in the Client ID field (acts as the client_id in the OIDC authentication requests).
Click Save.

Once the client is created, client configuration page is displayed.
1. Select openid-connect from the drop-down in the Client Protocol field.
2. Select Access Type to confidential from the drop-down list.
3. Add the Valid Redirect URIs for the IDPVserver.
  
  URL structure: https://<server-host>/*
  For example: https://www.idpvserver.com/*
  
  This URL is updated as per IDPV server host name.

Adding Scope to the Client

Perform the following steps to add a client scope:

In the left pane, select the realm, and select Client Scopes.
Select Create.
Enter idpvscope in the Name field.
Set the Display on Consent screen to OFF.
Click Save.

Mapping the Client Scope

There are different ways to add claims that is at realm level, Client level, user or group level. These are mapped using roles, groups or individually. You add mapper to a scope, these claims are required by the IDPV server.

Perform the following steps to map the scope:

In the left pane, select Client Scopes.
In the right pane, select Mappers > Create.

Create Protocol Mapper section is displayed.

Enter the following settings for User Attribute Mapper Type:
- Name: preferred_username
- Mapper Type: User Attribute
- User Attribute: cn
- Token Claim Name: preferred_username
Enter the following settings to another mapper for Group Membership:
- Name: groups
- Mapper type: Group Membership
- Token Claim Name: groups
Click Save.

Similarly, add all required claims.

Adding Scope to OpenID Client

Once all required claims are added, refer to Mapping the Client Scope, apply the scope to the OpenID client.

In the left pane, select Clients.
In the right pane, select Client, and then click the Client Scopes tab.
Select the scope under the Default Client Scopes, and click Add selected.

On this page

SafeNet IDPrime Virtual Integrations with IDPs

© Copyright 2019-2024, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com

Support
- Release Notes
- Support Contacts
Legal
- End User License Agreement
- Disclaimer

© Copyright 2019-2024, Thales Group

+1 410-469-1651 supportportal.thalesgroup.com