Security Assertion Markup Language (SAML) allows you to access multiple web-based applications using a single set of authentication credentials. It is possible to configure Keycloak to access a SAML server via a preconfigured proxy in situations where Keycloak’s host doesn’t have direct access to the internet.

  1. Open a terminal and log in to your instance of Package Security Manager as an admin.
  2. Open your installer file, where the docker-compose.yml file is located by running the command:
# Replace <INSTALLER_LOCATION> with the location of your installer file (where the ``docker-compose.yml`` file is)
cd <INSTALLER_LOCATION>

You can see all the files contained in your current directory location by running the command ls -la in the terminal. You can look for the docker-compose.yml file this way, if necessary.

  1. Open your docker-compose.yml file using your preferred file editor.
  2. Find the Keycloak service section of the file, and under environment:, add the following lines:
# Replace <PROXY_SITE_URL> with the URL of your SAML proxy
HTTP_PROXY: <PROXY_SITE_URL>
HTTPS_PROXY: <PROXY_SITE_URL>
  1. Save your work and close the file. To verify your changes were saved, you can run the command:
cat docker-compose.yml

Here is an excerpt from a docker-compose.yml file to show you what your Keycloak section might look like.

keycloak:
   image: ${DOCKER_REGISTRY}keycloak:${VERSION}
   environment:
   - KEYCLOAK_IMPORT=true
   - KC_DB_URL_HOST=${POSTGRES_HOST}
   - KC_DB_URL_PORT=5432
   - KC_DB_URL_DATABASE=keycloak
   - KC_DB_USERNAME=keycloak
   - KC_DB_PASSWORD=keycloak
   - KC_HOSTNAME=${DOMAIN}
   - KC_PROXY=edge
   - KC_HOSTNAME_STRICT_HTTPS=false
   - KC_HTTP_ENABLED=true
   - HTTP_PROXY: <PROXY_IP>:<PROXY_PORT>
   - HTTPS_PROXY: <PROXY_IP>:<PROXY_PORT>
  1. Restart your instance of Package Security Manager.
docker compose down
docker compose up -d

Was this page helpful?