Integrating with Keycloak
To integrate with Keycloak, follow the steps:
- Get the Service Provider metadata
- Creating the SAML client in Keycloak
- Adding users to Instana
- You require administrator privileges in Keycloak.
Get the Service Provider metadata
To make the configuration easier, a Service Provider Metadata XML file is provided. It can be downloaded from the SAML settings dialog:
To save the file for later use, click METADATA DOWNLOAD.
You are assumed to have an existing realm in Keycloak. The following example uses SAML-DEMO.
Creating the SAML client in Keycloak
Switch to Configure > Clients and click Create.
Click Select file, and choose the previous downloaded service provider metadata.xml.
Click Save. You return to the newly imported client edit page.
You need to download the SAML 2.0 IdP metadata. Switch to Realm Settings and click SAML 2.0 Identity Provider Metadata.
Save the content as descriptor.xml, switch to the Instana-SAML setup page and upload the file. By pressing Save, you activate the SAML integration.
Adding users to Instana
With SAML enabled this is now the only way for your users to access Instana. To enable users, you must get the SAML app assigned to them. So open the application overview in Keycloak, and select to assign a user from the dropdown list.
NOTE: Make sure that every user has an associated email address.
Each new user can receive the default role when first logging in.