Setting Up SSO SAML 2.0 With Keycloak

Keycloak works with applications that support SAML 2.0, such as Sisense.
This page describes how to add Sisense to Keycloak and configure SSO support with SAML 2.0 by creating a Keycloak client and connecting it to Sisense.
This article assumes you have a Keycloak IdP Server configured.
Note: This page reflects a third party's application, which may change. If the steps described here do not match what you see in your Keycloak account, you can use the generic Sisense SAML documentation, along with the IdP's documentation.

Connecting Sisense To Keycloak

To connect Sisense to Keycloak:
  1. Download sisense_client_config.json to your PC.
  2. Log in to your Keycloak admin console (http://localhost:8080/auth/admin/).
  3. Select Clients from the left menu.
  4. Click Create.
  5. In the Add Client window click Select File.
  6. From the file explorer popup window locate the file downloaded in Step 1 and click Open.
  7. Back in the Add Client window click Save.
  8. In the Settings tab of the opened Sisense client page expand the Fine Grain SAML Endpoint Configuration section.
  9. In the Assertion Consumer Service Redirect Binding URL field replace "localhost:8081" with your domain name.
    If using a secure connection, replace "http" with "https".
  10. Update the value of the Assertion Consumer Service Redirect Binding URL to match the value of the Assertion Consumer Service Redirect Binding URL (from the previous step).
  11. Click Save.
  12. Click on the Installation tab.
  13. From the Format Option, select Mod Auth Mellon Files and click Download.
  14. Extract the downloaded keycloak-mod-auth-mellon-sp-config.zip.
  15. Open the idp-metadata.xml file from the extracted folder.
  16. Open your Sisense web application.
  17. Go to the Admin tab and click on the Single Sign On menu item.
  18. Select SAML 2.0 as the Method option.
  19. In the idp-metadata.xml file locate the following element.

      <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
           Location="http://localhost:8080/auth/realms/Sisense/protocol/saml" />

  20. Copy the value of the Location attribute to the Remote Login URL field in Sisense.
  21. In the idp-metadata.xml file locate <dsig:X509Certificate>.
  22. Copy the value of the X509 certificate to the Public X.509 Certificate field in Sisense.
  23. Enable Single Sign On by clicking the switch button.
  24. Click Save.
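
The following Python script is an added example, not part of the Sisense or Keycloak documentation: it reads idp-metadata.xml and returns the two values that steps 19 to 22 copy by hand, plus a SHA-256 digest of the decoded certificate and warnings when the Remote Login URL is not https or still points at localhost. The function name, the returned keys and the sample metadata are assumptions constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample shaped like idp-metadata.xml; the certificate body is
# placeholder bytes, not a real X.509 certificate.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://localhost:8080/auth/realms/Sisense">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <dsig:KeyInfo><dsig:X509Data>
        <dsig:X509Certificate>{base64.b64encode(SAMPLE_DER).decode()}</dsig:X509Certificate>
      </dsig:X509Data></dsig:KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="{POST_BINDING}"
        Location="http://localhost:8080/auth/realms/Sisense/protocol/saml" />
  </IDPSSODescriptor>
</EntityDescriptor>"""


def extract_sisense_fields(metadata_xml):
    """Return the values steps 19-22 copy into Sisense, plus review warnings."""
    root = ET.fromstring(metadata_xml)
    sso = root.find(f".//md:SingleSignOnService[@Binding='{POST_BINDING}']", NS)
    cert = root.find(".//ds:X509Certificate", NS)
    if sso is None or cert is None or not (cert.text or "").strip():
        raise ValueError("metadata lacks an HTTP-POST SSO endpoint or a certificate")
    location = sso.get("Location", "")
    cert_b64 = "".join(cert.text.split())  # drop line wraps before pasting
    der = base64.b64decode(cert_b64, validate=True)  # rejects non-base64 content
    url = urlparse(location)
    checks = [(url.scheme != "https", "Remote Login URL is not https"),
              (url.hostname in ("localhost", "127.0.0.1"), "Remote Login URL points at localhost")]
    warnings = [message for failed, message in checks if failed]
    return {"remote_login_url": location, "certificate": cert_b64,
            "cert_sha256": hashlib.sha256(der).hexdigest(), "warnings": warnings}


if __name__ == "__main__":
    for key, value in extract_sisense_fields(SAMPLE_METADATA).items():
        print(f"{key}: {value}")
```

To check a real export, pass the contents of the extracted idp-metadata.xml to extract_sisense_fields instead of the sample string.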