ARTIFACTORY: How to configure SAML SSO with Keycloak

ARTIFACTORY: How to configure SAML SSO with Keycloak

AuthorFullName__c
Or Naishtat
articleNumber
000005156
ft:sourceType
Salesforce
FirstPublishedDate
2021-11-03T13:50:52Z
lastModifiedDate
2023-08-02
VersionNumber
13

Follow the steps below to configure Artifactory with Keycloak as a SAML SSO authentication provider.

In KeyCloak:

1. Enter Keycloak's administration console -

User-added image

2. Select the desired realm or create a new one -

User-added image

3. Create a new client (Clients -> Create client)

User-added image

4. Change the client type to “SAML” and select a unique Client ID (i.e “artifactory”). Then, click the "Save" button to save the changes.

User-added image

5. After creating the client, you will be directed to the client settings page. Ensure that "Sign Assertions" is enabled while "Force POST Binding", and "Front Channel Logout" are disabled.

6.Configure the "Valid Redirect URIs" as the instance JFrog URL followed by a wildcard, for example “https://artifactory.jfrog.io/*” or “http://IP:PORT/*”

User-added image

7. In the client configurations, navigate to the “Keys” option and disable “Client Signature Required”

User-added image

8. Navigate to the “Advanced” tab, scroll down to “Fine Grain SAML Endpoint Configuration” and configure both "Logout Service POST Binding URL" & "Logout Service Redirect Binding URL" as the JFrog URL followed by “/ui/login”, i.e: “https://artifactory.jfrog.io/ui/login”

User-added image
User-added image
9. Click the "Save" button to save the changes made to the client settings.