MetaDefender Core

Need Help? Contact Support

DocsMetaDefender CoreConfigurationSingle Sign-On (SSO) Integration InstructionsKeycloak

DocsMetaDefender CoreConfigurationSingle Sign-On (SSO) Integration InstructionsKeycloak

Keycloak

Create a realm on Keycloak

Sign in to Administrator Console, drop the list in the top left corner, and hit Create realm.

Keycloak initially includes a single realm master which is used for managing Keycloak only and not for any applications.

Enter Realm name e.g. myrealm and click Create.

Select Users in the left sidebar and click Add user.

Enter values for Username, Email, First name and Last name; then click Create.

Under User details, select Credentials tab and click Set password to create a password for the user created in the previous step.

Enter the password and toggle Temporary to Off, then click Save.

Create SAML directory on MetaDefender Core

Sign in to MetaDefender Core management console.
Under Dashboard, click User Management in the left sidebar.
Under User Management, select Directories tab and hit Add directory in the top right.

On Add Directory page, select SAML in Directory Type.
Fill Name of the new directory, such as KEYCLOAK_SAML_._
Under Service Provider, fill in Host or IP where MetaDefender Core is being hosted, using https://localhost:8008 as an example.
Copy the value of Login URL.

Create Keycloak application

On screen myrealm, select Clients in the sidebar and click Create client.

Choose SAML for Client type and enter MDCORE for Client ID then click Next.

Paste the Login URL from MetaDefender Core into Master SAML Processing URL and click Save.

Go to Advance tab and paste the Login URL from MetaDefender Core to Assertion Consumer Service Redirect Binding URL and click Save.

In Keystab, toggle Client signature required to Off.

In Client scopes tab, select MDCore-dedicated.

Under Dedicated scopes, navigate to Mappers tab and click Add predefines mapper.

Check X500 givenName and X500 surname, then click Add.

Back to Mappers tabs, click on X500 givenName.

Enter first_name to SAML Attribute Name and click Save.

Click X500 surname in Mappers tab.

Enter first_name for SAML Attribute Name and click Save.

Select Realm settings in the sidebar, navigate to General tab, click SAML 2.0 Identity Provider Metadata and copy the SAML metadata link.

Complete configuration on MetaDefender Core

Switch to MetaDefender Core screen, under Identity Provider, click Fetch URL.
Paste SAML Metadata link from Keycloak to the box under Fetch URL and click OK to ensure MetaDefender Core can set Okta as its IdP.

Under Service Provider section, enable Use Custom Entity ID and enter MDCORE in Custom Entity ID field.

The ID set for Use Custom Entity ID must match the Client ID created by Keycloak.

Fill in the user identity under Use Identified by with ${first_name}___${last_name} , for example.
Select the appropriate role for the user under User Role.
Click Add to complete the settings.

On User Management screen, toggle the new directory, KEYCLOAK-SAML in this example. A dialog box will appear to confirm the action. Once Enable is clicked, all existing sessions will expire immediately.

Test the integration

Click Login from the home screen of MetaDefender Core; the user is redirected to Keycloak page.

Sign in with the account registered in Keycloak (steps 4 and 6 under the section create-a-realm-on-keycloak).

If everything goes well, MetaDefender Core dashboard will be displayed with user identity set in the top right corner.

Last updated on

Was this page helpful?

On This Page

Keycloak Create a realm on Keycloak Create SAML directory on MetaDefender Core Create Keycloak application Complete configuration on MetaDefender Core Test the integration