Security Assertion Markup Language (SAML) allows you to access multiple web-based applications using a single set of authentication credentials. It is possible to configure Keycloak to access a SAML server via a preconfigured proxy in situations where Keycloak’s host doesn’t have direct access to the internet.

  1. Open a terminal and log in to your instance of Package Security Manager as an admin.

  2. Navigate to your installer location, where the docker-compose.yml file is located, by running the command:

    # Replace <INSTALLER_LOCATION> with the location of your installer file (where the docker-compose.yml file is)
    cd <INSTALLER_LOCATION>
    

    You can see all the files contained in your current directory location by running the command ls -la in the terminal. You can look for the docker-compose.yml file this way, if necessary.

  3. Open your docker-compose.yml file using your preferred file editor.

  4. Find the Keycloak service section of the file, and under environment:, add the following lines:

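    # Replace <PROXY_SITE_URL> with the URL of your SAML proxy.
    # If the existing entries under environment: are "- KEY=value" list items,
    # write these two in the same form instead, e.g. - HTTP_PROXY=<PROXY_SITE_URL>
    HTTP_PROXY: <PROXY_SITE_URL>
    HTTPS_PROXY: <PROXY_SITE_URL>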
    
  5. Save your work and close the file. To verify your changes were saved, you can run the command:

    cat docker-compose.yml
    

    Here is an excerpt from a docker-compose.yml file to show you what your Keycloak section might look like.

    keycloak:
      image: ${DOCKER_REGISTRY}keycloak:${VERSION}
      environment:
      - KEYCLOAK_IMPORT=true
      - KC_DB_URL_HOST=${POSTGRES_HOST}
      - KC_DB_URL_PORT=5432
      - KC_DB_URL_DATABASE=keycloak
      - KC_DB_USERNAME=keycloak
      - KC_DB_PASSWORD=keycloak
      - KC_HOSTNAME=${DOMAIN}
      - KC_PROXY=edge
      - KC_HOSTNAME_STRICT_HTTPS=false
      - KC_HTTP_ENABLED=true
      - HTTP_PROXY=<PROXY_IP>:<PROXY_PORT>
      - HTTPS_PROXY=<PROXY_IP>:<PROXY_PORT>
    
  6. Restart your instance of Package Security Manager.

    docker compose down
    docker compose up --detach
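
A check you can run on docker-compose.yml before the restart in step 6, to catch proxy lines that are missing, still hold a placeholder, or mix the list (`- KEY=value`) and mapping (`KEY: value`) styles. This is an added example, not part of Package Security Manager or Keycloak. The function names, the indentation-based parsing, and the sample proxy host are assumptions made for illustration.

```python
import re

PROXY_KEYS = ("HTTP_PROXY", "HTTPS_PROXY")

def service_environment(compose_text, service="keycloak"):
    """Entries under <service>'s environment: key, found by indentation (no YAML library)."""
    entries, svc_indent, env_indent = [], None, None
    for raw in compose_text.splitlines():
        text = raw.strip()
        if not text or text.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if svc_indent is None:
            if text == f"{service}:":
                svc_indent = indent
        elif indent <= svc_indent:
            break  # next service or top-level key
        elif env_indent is None:
            if text == "environment:":
                env_indent = indent
        elif indent > env_indent or (indent == env_indent and text.startswith("- ")):
            entries.append(text)  # list items may sit at the key's own indent
        else:
            break  # next key of the same service
    return entries

def lint_proxy_env(compose_text, service="keycloak"):
    """Return problems found with the proxy variables; an empty list means none."""
    entries = service_environment(compose_text, service)
    is_list = any(e.startswith("- ") for e in entries)
    problems, seen = [], set()
    for entry in entries:
        m = re.match(r"(?:-\s+)?[\"']?([A-Za-z_]\w*)\s*([=:])\s*(.*)$", entry)
        if not m or m.group(1) not in PROXY_KEYS:
            continue
        key, sep, value = m.group(1), m.group(2), m.group(3).strip("'\"")
        seen.add(key)
        if (sep == "=") != is_list:  # list style needs '=', mapping style needs ':'
            problems.append(f"{key}: '{sep}' separator does not match the rest of the block")
        if not value or "<" in value:
            problems.append(f"{key}: value {value!r} is empty or still a placeholder")
    return problems + [f"{k}: not set" for k in PROXY_KEYS if k not in seen]

# Constructed sample: list-style environment with the proxy lines in mapping style.
BROKEN = ("services:\n  keycloak:\n    environment:\n"
          "    - KC_PROXY=edge\n"
          "    - HTTP_PROXY: proxy.example.internal:3128\n"
          "    - HTTPS_PROXY: proxy.example.internal:3128\n")
FIXED = BROKEN.replace("_PROXY: ", "_PROXY=")
```

To check a real file, call `lint_proxy_env(open("docker-compose.yml").read())`. `docker compose config` remains the authoritative syntax check.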