Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
back

SafeNet Agent for Keycloak

search

Please Note:

printsuggest an edit

SafeNet Agent for Keycloak

copy link to clipboardProduct Description

SafeNet Agent for Keycloak allows integration of a Keycloak Identity Provider (IDP) to SAS PCE. Clients deploying the Keycloak IDP in their network can take advantage of SAS PCE as the provider of Multi-Factor Authentication (MFA). The agent is deployed as an extension of the Keycloak software and thereby provides configuration options on Keycloak that enable secure integration with the client’s SAS PCE system.

copy link to clipboardRelease Description

copy link to clipboard01/13/2025

SafeNet Agent for Keycloak 1.5.0 introduces the following feature:

  • Support for Keycloak Server version 24.0.5.

copy link to clipboardKnown Issues

Issue Synopsis
SAS-69617 Summary: Not able to login with alias for any sync user with any of the four flows.
Workaround: For the synced users, login with username instead of Alias.
SAS-59950 Summary: In Linux, authentication fails after adding configuration with SafeNetOTPRealm.json by using bsid key path.
Workaround: Use Manual Configuration of the realm as mentioned in the Installation Guide.
SAS-48668 Summary: "Whenever a token is locked or in a suspended state, the agent does not provide any specific message on the passcode validation screen. It only shows "we were unable to verify your account. Please check you with your local administrator".
SAS-48036 Summary: An active session is still maintained even after logging out of the Azure application.
Workaround: Log out of all active sessions under Keycloak Admin Login > Realm > Session > Logout all

copy link to clipboardCompatibility Information

copy link to clipboardOperating System

  • Java compatible operating systems (Linux or Windows)

copy link to clipboardAuthentication Servers

  • SafeNet Authentication Service PCE v3.20 and above

    note

    Note

    For SAS User Federation, SafeNet Authentication Service PCE v3.16 or above is required. See Configure SAS User Federation for more information. For GrIDsure support, SafeNet Authentication Service PCE v3.20 or above is required.

  • Keycloak Server version 24.0.5.

copy link to clipboardRequirements

  • Oracle JDK 17, OpenJDK 17.
  • Any utility to unpack zip or and tar.gz
  • At least 2 GB of RAM
  • At least 1GB of disk space
note

Note

These requirements are derived from official Keycloak recommendations. Refer to https://www.keycloak.org.

On this page