Keycloak: Create Condens SSO App

Sign in to Keycloak as an administrator.
Click Clients then Create. Enter a unique Client ID (like “Condens”), select Client Protocol saml and then click Save.
Edit the following values in the client you created:
- Enabled: On
- Sign Assertions: On
- Encrypt Assertions: Off
- Client Signature Required: Off
- Name ID Format: email
- Valid Redirect URIs: Copy in the SP Login URL from Condens
Save the client config.
Go to the Mappers tab, and click on Add Builtin
- Select X500 email
- Click Add selected.
Edit email attribute:
- Click on X500 email.
- Change the SAML Attribute Name to email.
- Click Save.
Go to Realm Settings in the left menu. Under the General tab, click on SAML 2.0 Identity Provider Metadata.
- From here, copy the following values into Condens:
  - SAML Signing Certificate > Certificate (Base64) in Keycloak → Certificate in Condens
  - SingleSignOnService URL in Keycloak → IdP Login URL in Condens
  - SingleSignOnService URL in Keycloak without the /protocol/saml at the end (so if the SingleSignOnService URL is https://keycloak.example.com/auth/realms/my_realm/protocol/saml the Identifier would be https://keycloak.example.com/auth/realms/my_realm) → IdP Entity ID in Condens

Didn't find what you're looking for? Send us a message and we'll get back to you.