Configure Keycloak for Omni - Sidero Documentation

🎉 TalosCon 2025: Come to TalosCon in Amsterdam, October 16-17. Learn more →

Log in to Keycloak.
Create a realm.

In the upper left corner of the page, select the dropdown where it says master

Fill in the realm name and select create

Find the realm metadata.

In the realm settings, there is a link to the metadata needed for SAML under Endpoints.
- Copy the link or save the data to a file. It will be needed for the installation of Omni.

Create a client

Select the Clients tab on the left

Fill in the General Settings as shown in the example below. Replace the hostname in the example with your own Omni hostname or IP.
- Client type
- Client ID
- Name

Fill in the Login settings as shown in the example below. Replace the hostname in the example with your own Omni hostname or IP.
- Root URL
- Valid redirect URIs
- Master SAML Processing URL

Modify the Signature and Encryption settings.
- Sign documents: off
- Sign assertions: on

Set the Client signature required value to off.

Modify Client Scopes

Select Add predefined mapper.

The following mappers need to be added because they will be used by Omni will use these attributes for assigning permissions.
- X500 email
- X500 givenName
- X500 surname

Add a new user (optional)
- If Keycloak is being used as an Identity Provider, users can be created here.

./images/configure-keycloak-for-omni-create-new-user.png

Enter the user information and set the Email verified to Yes

Set a password for the user.

Back Up On-prem Omni Database