On-premises installationOverview | Software architecture | Download | Deployment | Configuration | Troubleshooting | FAQ | EULA
Authentication | LDAP | SAML 2.0 | Authorisation and role-based access | HTTPS | Amazon Web Services S3 | Elasticsearch
Authentication with Keycloak
Here are some basic instructions for integration with Keycloak. In this example, the Structurizr on-premises installation was running at
1. Download IdP metadata
Find the realm that you would like authenticate against, and download the SAML metadata by clicking the "SAML 2.0 Identity Provider Metadata" link, saving this as
saml-idp-metadata.xml in your Structurizr data directory.
2. Register the Structurizr on-premises installation
Create a Keycloak "client" to represent the Structurizr on-premises installation.
The "client ID" you use here should be set as the
structurizr.saml.entityId property in your
After creation, you will need to change the following settings:
- Client Signature Required:
Off(otherwise you'll see an "Invalid requester" message)
- Valid Redirect URIs:
http://localhost:7080/saml/*(otherwise you'll see an "Invalid redirect URI" message)
3. Add user property mappers
At this point, the integration should be functional, although you won't see the username and groups/roles associated with the user. to do that, you need to add a couple of mappings for the client.