Configure Keycloak for Omni

  1. Log in to Keycloak.

  2. Create a realm.

  • In the upper left corner of the page, select the dropdown where it says master

  • Fill in the realm name and select Create.

  3. Find the realm metadata.

  • In the realm settings, there is a link to the metadata needed for SAML under Endpoints.

    • Copy the link or save the data to a file. It will be needed for the installation of Omni.

  4. Create a client.

  • Select the Clients tab on the left

  • Fill in the General Settings as shown in the example below. Replace the hostname in the example with your own Omni hostname or IP.

    • Client type

    • Client ID

    • Name

  • Fill in the Login settings as shown in the example below. Replace the hostname in the example with your own Omni hostname or IP.

    • Root URL

    • Valid redirect URIs

    • Master SAML Processing URL

  • Modify the Signature and Encryption settings.

    • Sign documents: off

    • Sign assertions: on

  • Set the Client signature required value to off.

  • Modify Client Scopes

  • Select Add predefined mapper.

  • The following mappers need to be added because Omni will use these attributes for assigning permissions.

    • X500 email

    • X500 givenName

    • X500 surname

  • Add a new user (optional)

    • If Keycloak is being used as an Identity Provider, users can be created here.

  • Enter the user information and set the Email verified to Yes

  • Set a password for the user.
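
A check of an exported client against the signature settings and mappers listed above, as an added example that is not part of the Omni or Keycloak documentation. It assumes the client was exported from Keycloak as JSON and that `saml.server.signature`, `saml.assertion.signature` and `saml.client.signature` are the export keys behind the Sign documents, Sign assertions and Client signature required switches; the sample exports and the client ID are constructed.

```python
import json

# Keys as found in a Keycloak client JSON export (assumed mapping to the
# admin-console labels on this page): key -> (label, expected value).
EXPECTED_ATTRIBUTES = {
    "saml.server.signature": ("Sign documents", "false"),
    "saml.assertion.signature": ("Sign assertions", "true"),
    "saml.client.signature": ("Client signature required", "false"),
}
REQUIRED_MAPPERS = {"X500 email", "X500 givenName", "X500 surname"}

def check_client(client):
    """Return a list of findings; an empty list means the export matches."""
    findings = []
    attrs = client.get("attributes") or {}
    for key, (label, want) in EXPECTED_ATTRIBUTES.items():
        got = attrs.get(key)
        if got is None:
            findings.append(f"{label}: {key} not set in export, expected {want}")
        elif str(got).lower() != want:
            findings.append(f"{label}: {key} is {got}, expected {want}")
    present = {m.get("name") for m in client.get("protocolMappers") or []}
    for name in sorted(REQUIRED_MAPPERS - present):
        findings.append(f"missing mapper: {name}")
    return findings

# Constructed sample exports (not real data); the client ID is a placeholder.
GOOD = json.loads("""{
  "clientId": "omni-client-placeholder",
  "attributes": {"saml.server.signature": "false",
                 "saml.assertion.signature": "true",
                 "saml.client.signature": "false"},
  "protocolMappers": [{"name": "X500 email"}, {"name": "X500 givenName"},
                      {"name": "X500 surname"}]
}""")
BAD = json.loads("""{
  "clientId": "omni-client-placeholder",
  "attributes": {"saml.server.signature": "true",
                 "saml.assertion.signature": "false"},
  "protocolMappers": [{"name": "X500 email"}]
}""")

if __name__ == "__main__":
    for label, client in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_client(client) or "matches the settings above")
```

An unsigned assertion or a missing mapper shows up as a finding before the first login attempt against Omni, rather than as a failed login or a user without the expected permissions.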

