Follow the steps below to configure Artifactory with Keycloak as a SAML SSO authentication provider.
In Keycloak:
1. Enter Keycloak's administration console.
2. Select the desired realm or create a new one.
3. Create a new client (Clients -> Create client)
4. Change the client type to “SAML” and select a unique Client ID (e.g. “artifactory”). Then, click the "Save" button to save the changes.
5. After creating the client, you will be directed to the client settings page. Ensure that "Sign Assertions" is enabled while "Force POST Binding" and "Front Channel Logout" are disabled.
6. Configure the "Valid Redirect URIs" as the instance JFrog URL followed by a wildcard, for example “https://artifactory.jfrog.io/*” or “http://IP:PORT/*”.
7. In the client configurations, navigate to the “Keys” option and disable “Client Signature Required”.
8. Navigate to the “Advanced” tab, scroll down to “Fine Grain SAML Endpoint Configuration” and configure both "Logout Service POST Binding URL" and "Logout Service Redirect Binding URL" as the JFrog URL followed by “/ui/login”, for example: “https://artifactory.jfrog.io/ui/login”.
9. Click the "Save" button to save the changes made to the client settings.
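
To confirm that the saved client matches steps 4 to 8, the client can be exported as JSON and checked offline. The following is an added example, not part of the original article or of JFrog's or Keycloak's own tooling: `audit_client` is a hypothetical helper, the sample export is constructed, and the keys it reads (`protocol`, `frontchannelLogout`, `redirectUris` and the `saml.*` / `saml_single_logout_service_url_*` attributes) are the names Keycloak uses in its client JSON representation.

```python
import json

# Constructed sample of a Keycloak client export (JSON); not taken from a real realm.
SAMPLE_EXPORT = json.dumps({
    "clientId": "artifactory",
    "protocol": "saml",
    "frontchannelLogout": False,
    "redirectUris": ["https://artifactory.jfrog.io/*"],
    "attributes": {
        "saml.assertion.signature": "true",
        "saml.force.post.binding": "false",
        "saml.client.signature": "false",
        "saml_single_logout_service_url_post": "https://artifactory.jfrog.io/ui/login",
        "saml_single_logout_service_url_redirect": "https://artifactory.jfrog.io/ui/login",
    },
})


def audit_client(export_json, jfrog_url):
    """Return deviations from the steps above; an empty list means the client matches."""
    client = json.loads(export_json)
    attrs = client.get("attributes", {})
    base = jfrog_url.rstrip("/")
    findings = []

    def expect(label, actual, wanted):
        if actual != wanted:
            findings.append(f"{label}: expected {wanted!r}, found {actual!r}")

    def flag(key):
        # SAML switches are stored as "true"/"false" strings; an unset key is reported, not assumed.
        value = attrs.get(key)
        return None if value is None else str(value).lower() == "true"

    expect("Client type (protocol)", client.get("protocol"), "saml")
    expect("Sign Assertions", flag("saml.assertion.signature"), True)
    expect("Force POST Binding", flag("saml.force.post.binding"), False)
    expect("Client Signature Required", flag("saml.client.signature"), False)
    expect("Front Channel Logout", client.get("frontchannelLogout"), False)
    for key in ("saml_single_logout_service_url_post", "saml_single_logout_service_url_redirect"):
        expect(f"Logout URL ({key})", attrs.get(key), base + "/ui/login")
    if base + "/*" not in client.get("redirectUris", []):
        findings.append(f"Valid Redirect URIs: {base + '/*'!r} is missing")
    # Every extra entry widens the set of URLs Keycloak accepts as a response destination.
    for uri in client.get("redirectUris", []):
        if uri != base + "/*":
            findings.append(f"Valid Redirect URIs: unexpected entry {uri!r}")
    return findings
```

Pass the exported client JSON and the instance JFrog URL to `audit_client`; each returned string names one setting that differs from the steps above.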