How to Configure Keycloak for Omni

  1. Log in to Keycloak.

  2. Create a realm.

  • In the upper left corner of the page, select the dropdown where it says master

  • Fill in the realm name and select create

  3. Find the realm metadata.
  • In the realm settings, there is a link to the metadata needed for SAML under Endpoints.
    • Copy the link or save the data to a file. It will be needed for the installation of Omni.

  4. Create a client.
  • Select the Clients tab on the left

  • Fill in the General Settings as shown in the example below. Replace the hostname in the example with your own Omni hostname or IP.
    • Client type
    • Client ID
    • Name

  • Fill in the Login settings as shown in the example below. Replace the hostname in the example with your own Omni hostname or IP.
    • Root URL
    • Valid redirect URIs
    • Master SAML Processing URL

  • Modify the Signature and Encryption settings.
    • Sign documents: off
    • Sign assertions: on

  • Set the Client signature required value to off.

  • Modify Client Scopes

  • Select Add predefined mapper.

  • The following mappers need to be added because Omni will use these attributes for assigning permissions.
    • X500 email
    • X500 givenName
    • X500 surname

  • Add a new user (optional)
    • If Keycloak is being used as an Identity Provider, users can be created here.

  • Enter the user information and set the Email verified to Yes

  • Set a password for the user.