1 Reply Latest reply on Jul 20, 2018 12:47 AM by Ned Kelly

    HELP setup Keycloak SAML for Rocketchat

    Ned Kelly Newbie

      Hey Guys,

      Need help setting up SAML

      I created a SAML client in Keycloak, but the Keycloak SAML fields are named differently to Rocket.Chat's, so I'm confused about what fields to set up in Keycloak, and where to put them in Rocket.Chat?

      I've been reading the Rocket.Chat documentation but I'm still confused.

      Rocket.Chat Documentation  - SAML

      Rocket.Chat natively supports SAML setup via GUI (screenshot at bottom)

       

      I created a SAML client in Keycloak, but as the Keycloak fields seem to be named differently,

      I'm confused about what fields to set up in Keycloak, and where to put them in Rocket.Chat.

       

      These seem to be the 3 important fields needed:

      >Custom Entry Point ?

      >IDP SLO Redirect URL ?

      >Custom Issuer ?

       

      Also, the Rocket.Chat admin page requires certificate info

      >Custom Certificate (public CA cert for Keycloak site) Correct?

      >Public cert contents (Keycloak generated public key) Correct?

      >Private Key contents (Keycloak generated private key) Correct?

       

      Also,

      Should I turn on Sign Assertions?

      Should I turn on Encrypt Assertions?

       

      I set a Master SAML Processing URL https://mykeycloakdomain:8443/rockechat/saml Correct?

       

      I have NOT set:

      Root URL

      Valid Redirect URIs

      Base URL

      IDP Initiated SSO URL Name

      IDP Initiated SSO Relay State

      As I don't really know what to put…?

       

      Everything else is default.

       

      Do I need to do anything in client scopes?

       

      Here is a screenshot of the Rocket.Chat SAML admin page