
OIDC/SAML

This configuration adds an external identity provider to your Keycloak realm.

In this example, an Auth0 tenant is integrated using the OpenID Connect (OIDC) protocol. The manifest carries the tenant's authorization, token, JWKS, logout and userinfo endpoints, the issuer that Keycloak checks against the `iss` claim of incoming tokens, the default scopes, and a reference to the Kubernetes Secret that holds the client secret (the secret is never written inline in the IdentityProvider resource). See the Crossplane provider reference for more details.

```yaml
apiVersion: oidc.keycloak.crossplane.io/v1alpha1
kind: IdentityProvider
metadata:
  name: auth0
spec:
  forProvider:
    alias: auth0
    clientId: clientid
    clientSecretSecretRef:
      key: secret
      name: idp-secret
      namespace: name-system
    defaultScopes: openid email profile
    realmRef:
      name: name
    authorizationUrl: https://name.eu.auth0.com/authorize
    issuer: https://name.eu.auth0.com/
    jwksUrl: https://name.eu.auth0.com/.well-known/jwks.json
    logoutUrl: https://name.eu.auth0.com/oidc/logout
    tokenUrl: https://name.eu.auth0.com/oauth/token
    userInfoUrl: https://name.eu.auth0.com/userinfo
  providerConfigRef:
    name: keycloak-provider-config
---
apiVersion: v1
kind: Secret
metadata:
  name: idp-secret
  namespace: name-system
stringData:
  secret: secret
```

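A misconfigured endpoint or an issuer that differs from the provider's own by as little as a trailing slash makes federated logins fail or, worse, points Keycloak at the wrong key set. The following Python check is an added example, not code from this page or from the Crossplane provider: it compares the `forProvider` fields of the OIDC manifest above with the claims of the issuer's OpenID Connect discovery document. The discovery document is a constructed stand-in for fetching `https://name.eu.auth0.com/.well-known/openid-configuration` (an assumed URL built from the page's placeholder tenant).

```python
from urllib.parse import urlparse

# forProvider fields of the OIDC manifest above -> claims in the issuer's
# discovery document (https://<issuer>/.well-known/openid-configuration).
FIELD_TO_CLAIM = {
    "issuer": "issuer",
    "authorizationUrl": "authorization_endpoint",
    "tokenUrl": "token_endpoint",
    "jwksUrl": "jwks_uri",
    "userInfoUrl": "userinfo_endpoint",
    "logoutUrl": "end_session_endpoint",
}
# Constructed input: the forProvider block of the OIDC manifest above.
MANIFEST_FOR_PROVIDER = {
    "defaultScopes": "openid email profile",
    "authorizationUrl": "https://name.eu.auth0.com/authorize",
    "issuer": "https://name.eu.auth0.com/",
    "jwksUrl": "https://name.eu.auth0.com/.well-known/jwks.json",
    "logoutUrl": "https://name.eu.auth0.com/oidc/logout",
    "tokenUrl": "https://name.eu.auth0.com/oauth/token",
    "userInfoUrl": "https://name.eu.auth0.com/userinfo",
}

# Constructed discovery document standing in for a live fetch of the issuer.
DISCOVERY = {
    "issuer": "https://name.eu.auth0.com/",
    "authorization_endpoint": "https://name.eu.auth0.com/authorize",
    "token_endpoint": "https://name.eu.auth0.com/oauth/token",
    "jwks_uri": "https://name.eu.auth0.com/.well-known/jwks.json",
    "userinfo_endpoint": "https://name.eu.auth0.com/userinfo",
    "end_session_endpoint": "https://name.eu.auth0.com/oidc/logout",
}

def check_idp(for_provider: dict, discovery: dict) -> list:
    # Returns findings; an empty list means the manifest is consistent.
    findings = []
    for field, claim in FIELD_TO_CLAIM.items():
        value = for_provider.get(field)
        if value is None:
            continue  # field not set in the manifest
        if urlparse(value).scheme != "https":
            findings.append(f"{field} is not https: {value}")
        expected = discovery.get(claim)
        if expected is None:
            findings.append(f"discovery lacks {claim}; cannot verify {field}")
        elif value != expected:  # exact string match, trailing slash included
            findings.append(f"{field} mismatch: manifest={value} discovery={expected}")
    if "openid" not in for_provider.get("defaultScopes", "").split():
        findings.append("defaultScopes lacks 'openid': no ID token will be issued")
    return findings
```

Run `check_idp(MANIFEST_FOR_PROVIDER, DISCOVERY)` after replacing `DISCOVERY` with the JSON the tenant actually serves; any non-empty result should be fixed before the manifest is applied.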
The following configuration defines a SAML IdentityProvider resource for Keycloak, enabling integration with an external identity provider (again Auth0). Keycloak's own SAML entity ID is derived from the realm URL, the single sign-on and single logout URLs point at the tenant's SAML endpoints, all bindings use HTTP POST, and the `storeToken: false` setting keeps the provider's assertions out of the Keycloak database. See the Crossplane provider reference for more details.

```yaml
apiVersion: saml.keycloak.crossplane.io/v1alpha1
kind: IdentityProvider
metadata:
  name: saml
spec:
  forProvider:
    alias: saml
    entityId: https://sso.ref+file://config.yaml#/ingress/domainName+/realms/realmname
    postBindingAuthnRequest: true
    postBindingLogout: true
    postBindingResponse: true
    realmRef:
      name: realmname
    singleLogoutServiceUrl: https://name.eu.auth0.com/samlp/{id}/logout
    singleSignOnServiceUrl: https://name.eu.auth0.com/samlp/{id}
    storeToken: false
    nameIdPolicyFormat: Email
  providerConfigRef:
    name: keycloak-provider-config
```