Keycloak: Create Condens SSO App

  1. Sign in to Keycloak as an administrator.

  2. Click Clients then Create. Enter a unique Client ID (like “Condens”), select Client Protocol SAML and then click Save.

  3. Edit the following values in the client you created:

    • Enabled: On

    • Sign Assertions: On

    • Encrypt Assertions: Off

    • Client Signature Required: Off

    • Name ID Format: email

    • Valid Redirect URIs: Copy in the SP Login URL from Condens

  4. Save the client config.

  5. Go to the Mappers tab and click Add Builtin.

    • Select X500 email

    • Click Add selected.

  6. Edit the email attribute:

    • Click on X500 email.

    • Change the SAML Attribute Name to email.

    • Click Save.

  7. Go to Realm Settings in the left menu. Under the General tab, click on SAML 2.0 Identity Provider Metadata.

    • From here, copy the following values into Condens:

      • SAML Signing Certificate > Certificate (Base64) in Keycloak → Certificate in Condens

      • SingleSignOnService URL in Keycloak → IdP Login URL in Condens

      • SingleSignOnService URL in Keycloak without the /protocol/saml at the end → IdP Entity ID in Condens. For example, if the SingleSignOnService URL is https://keycloak.example.com/auth/realms/my_realm/protocol/saml, the Identifier is https://keycloak.example.com/auth/realms/my_realm.
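
The following is an added example, not part of the original guide or of Keycloak or Condens code: a Python sketch that reads the metadata from step 7, returns the three values to paste into Condens, and adds a SHA-256 fingerprint of the signing certificate so the pasted value can be compared against the IdP. The function name `condens_values` and the sample metadata are constructed for illustration. It assumes the metadata declares an `entityID` attribute equal to the realm URL, and it adds an HTTPS check that the guide does not require.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}
SUFFIX = "/protocol/saml"

# Constructed sample metadata; the certificate is placeholder bytes, not a real X.509 cert.
SAMPLE_CERT = base64.b64encode(b"constructed placeholder, not a real DER certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://keycloak.example.com/auth/realms/my_realm">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://keycloak.example.com/auth/realms/my_realm/protocol/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def condens_values(metadata_xml):
    """Return the values step 7 copies into Condens, plus a cert fingerprint."""
    root = ET.fromstring(metadata_xml)
    # iter() also matches the root, so a wrapping EntitiesDescriptor is handled too.
    entity = next(root.iter(f"{{{MD}}}EntityDescriptor"))
    idp = entity.find("md:IDPSSODescriptor", NS)
    sso = idp.find("md:SingleSignOnService", NS).get("Location")
    # Added check (not in the guide): refuse plain HTTP or an unexpected path.
    if not sso.startswith("https://") or not sso.endswith(SUFFIX):
        raise ValueError(f"unexpected SingleSignOnService URL: {sso}")
    entity_id = sso[: -len(SUFFIX)]
    # Assumption: the IdP declares the same value as its entityID attribute.
    if entity_id != entity.get("entityID"):
        raise ValueError("derived Entity ID does not match metadata entityID")
    cert_b64 = "".join(idp.find(".//ds:X509Certificate", NS).text.split())
    der = base64.b64decode(cert_b64, validate=True)  # rejects a mangled paste
    return {
        "certificate": cert_b64,
        "idp_login_url": sso,
        "idp_entity_id": entity_id,
        "cert_sha256": hashlib.sha256(der).hexdigest(),
    }
```

A mismatch between the derived Entity ID and the declared `entityID`, or a certificate that fails Base64 decoding, raises `ValueError` instead of returning values to paste.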

