Sign in to Keycloak as an administrator.
Click Clients then Create. Enter a unique Client ID (like “Condens”), select Client Protocol SAML and then click Save.
Edit the following values in the client you created:
Enabled: On
Sign Assertions: On
Encrypt Assertions: Off
Client Signature Required: Off
Name ID Format: email
Valid Redirect URIs: Copy in the SP Login URL from Condens
Save the client config.
Go to the Mappers tab and click Add Builtin.
Select X500 email.
Click Add selected.
Edit the email attribute:
Click on X500 email.
Change the SAML Attribute Name to email.
Click Save.
Go to Realm Settings in the left menu. Under the General tab, click on SAML 2.0 Identity Provider Metadata.
From here, copy the following values into Condens:
SAML Signing Certificate > Certificate (Base64) in Keycloak → Certificate in Condens
SingleSignOnService URL in Keycloak → IdP Login URL in Condens
SingleSignOnService URL in Keycloak without the /protocol/saml at the end → IdP Entity ID in Condens (so if the SingleSignOnService URL is https://keycloak.example.com/auth/realms/my_realm/protocol/saml, the Identifier would be https://keycloak.example.com/auth/realms/my_realm)
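The three values above can also be read from the metadata XML with a script instead of by hand, which avoids copy errors in the certificate and the Entity ID. This is an added example, not part of the original guide or of Condens or Keycloak; the function name, the field labels in the result, and the sample descriptor (with a placeholder certificate) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}
SUFFIX = "/protocol/saml"

# Constructed sample descriptor; the certificate text is a placeholder, not a real key.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://keycloak.example.com/auth/realms/my_realm">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>
        MIICplaceholder
        AAAAconstructed
      </ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://keycloak.example.com/auth/realms/my_realm/protocol/saml"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://keycloak.example.com/auth/realms/my_realm/protocol/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def condens_idp_values(metadata_xml):
    root = ET.fromstring(metadata_xml)
    # iter() includes the root, so a wrapping EntitiesDescriptor is handled too.
    entity = next(root.iter(f"{{{MD}}}EntityDescriptor"), None)
    idp = entity.find("md:IDPSSODescriptor", NS) if entity is not None else None
    if idp is None:
        raise ValueError("no IDPSSODescriptor found in metadata")
    # A KeyDescriptor without a "use" attribute is valid for signing as well.
    certs = [c.text for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use", "signing") == "signing"
             for c in kd.iterfind(".//ds:X509Certificate", NS) if c.text]
    urls = {s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    if not certs or len(urls) != 1:
        raise ValueError("expected a signing certificate and one SingleSignOnService URL")
    sso_url = urls.pop()
    if not sso_url.endswith(SUFFIX):
        raise ValueError(f"unexpected SingleSignOnService URL: {sso_url}")
    entity_id = sso_url[: -len(SUFFIX)]  # the rule from the last step above
    if entity.get("entityID") != entity_id:
        raise ValueError("entityID in metadata does not match the derived value")
    return {"Certificate": "".join(certs[0].split()),  # base64 with whitespace removed
            "IdP Login URL": sso_url, "IdP Entity ID": entity_id}

if __name__ == "__main__": print(condens_idp_values(SAMPLE_METADATA))
```

The function raises instead of returning a value when the entityID attribute in the metadata disagrees with the URL-derived Entity ID, so a mismatch shows up before the values are entered in Condens.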