{"id":15261,"date":"2024-01-25T18:55:27","date_gmt":"2024-01-26T02:55:27","guid":{"rendered":"https:\/\/www.couchbase.com\/blog\/?p=15261"},"modified":"2024-02-05T12:03:13","modified_gmt":"2024-02-05T20:03:13","slug":"couchbase-capella-keycloak-sso","status":"publish","type":"post","link":"https:\/\/www.couchbase.com\/blog\/couchbase-capella-keycloak-sso\/","title":{"rendered":"How to use Keycloak for SSO login with Couchbase Capella"},"content":{"rendered":"<p><a href=\"https:\/\/www.keycloak.org\/\"><span style=\"font-weight: 400;\">Keycloak<\/span><\/a><span style=\"font-weight: 400;\">, an open-source single sign-on (SSO) and identity management solution, offers seamless integration capabilities with various client applications. In this tutorial, we&#8217;ll explore the process of integrating a Security Assertion Markup Language (SAML) client with Keycloak, enabling convenient and secure user authentication.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">It is important to note that Keycloak is not tested or validated by Couchbase. Couchbase provides instructions and support for Microsoft Azure AD, Okta, Ping Identity, CyberArk, Google Workspace, and OneLogin.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">We will demonstrate how to integrate SAML authentication using a generic SAML provider, in this case Keycloak. While any SAML provider can be utilized, we highly recommend using one of our supported services for optimal compatibility and a seamless integration experience.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Prerequisites<\/span><\/h2>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">I assume that you have a Keycloak instance up and running<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">You have access to Capella as an Organization admin<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">SSO has been enabled for your tenant<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2><span style=\"font-weight: 400;\">Step 1: Set Up Keycloak<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">It is outside the scope of this tutorial to explain how to deploy Keycloak as an Identity Provider. I assume that you already have a functioning Keycloak instance and it is ready to be utilized.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Create a <\/span>realm<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15263\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image12-1-1024x369.png\" alt=\"create a keycloak realm\" width=\"900\" height=\"324\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image12-1-1024x369.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image12-1-300x108.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image12-1-768x277.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image12-1-1536x554.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image12-1-1320x476.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image12-1.png 1999w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/h3>\n<p><span style=\"font-weight: 400;\">Create a new realm in Keycloak to manage your SAML client&#8217;s configuration. In our example, we will call this realm \u201cacme\u201d.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Once the realm is created, we need to save the public key. The easiest way to do that is by opening the SAML Metadata endpoint.\u00a0<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Get the SAML configuration<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Please click on the Realm settings on the left side. This will open the realm settings page. At the bottom of this page, there are two Metadata endpoints.\u00a0<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15264\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image10-1024x577.png\" alt=\"get the SAML configuration\" width=\"900\" height=\"507\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image10-1024x577.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image10-300x169.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image10-768x433.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image10-1536x865.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image10-1320x744.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image10.png 1999w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">You need to click on the <\/span><b>SAML 2.0 Identity Provider Metadata<\/b><span style=\"font-weight: 400;\"> link. The XML contains the SAML Metadata that you will need when you create your Capella SSO configuration.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">SAML HTTP-POST binding:<\/span><\/p>\n<pre class=\"nums:false wrap:true lang:xhtml decode:true \">&lt;md:SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https:\/\/yourdomain.com\/realms\/acme\/protocol\/saml\"\/&gt;<\/pre>\n<p><span style=\"font-weight: 400;\">The X.509 certificate:<\/span><\/p>\n<pre class=\"nums:false wrap:true lang:xhtml decode:true \">&lt;ds:X509Certificate&gt;MIIClzCCAX8CBg......==&lt;\/ds:X509Certificate&gt;<\/pre>\n<p><span style=\"font-weight: 400;\">Make a note of these as we will need them in the next steps.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Step 2: Create a realm in Capella<\/span><\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15265\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image19-1024x567.png\" alt=\"Create a realm in Capella\" width=\"900\" height=\"498\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image19-1024x567.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image19-300x166.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image19-768x425.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image19-1536x851.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image19-1320x731.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image19.png 1999w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">In this step, we will create a Capella realm. In order to set this up, we need to copy the certificate we saved in step one, into the <\/span><b>SAML Signing Certificate field<\/b><span style=\"font-weight: 400;\">. We also have to copy the HTTP_POST binding URL to the <\/span><b>Sign-in Endpoint URL<\/b><span style=\"font-weight: 400;\"> field.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Signature Algorithm and Digest Algorithm should be the left as default.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15266\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image21-1024x291.png\" alt=\"Capella SAML Signing Certificate field\" width=\"900\" height=\"256\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image21-1024x291.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image21-300x85.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image21-768x218.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image21-1536x436.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image21-1320x375.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image21.png 1999w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">Make sure the SAML Protocol Binding field is set up to be HTTP-POST:<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15267\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image14-1-1024x154.png\" alt=\"SAML protocol binding\" width=\"900\" height=\"135\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image14-1-1024x154.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image14-1-300x45.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image14-1-768x115.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image14-1-1536x231.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image14-1-1320x198.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image14-1.png 1999w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">At this point you are ready to create the realm.\u00a0<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Step 3: Create a Keycloak SAML client<\/span><\/h2>\n<h3><span style=\"font-weight: 400;\">Display Capella Realm information<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">At this point, we have created the Capella Realm. Now, we are ready to create a SAML client in Keycloak.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">First, we need some information about the Capella realm. Click on the newly created realm name in Capella to display the realm information.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15268\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image25-1024x459.png\" alt=\"Display Capella realm information\" width=\"900\" height=\"403\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image25-1024x459.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image25-300x134.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image25-768x344.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image25-1536x688.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image25-1320x592.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image25.png 1999w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">We will need to copy several pieces of information from this screen into Keycloak during the client creation process. Make note of the following fields.<\/span><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Realm name<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Entity ID<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Callback URL<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Signature Certificate<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3><span style=\"font-weight: 400;\">Create the Keycloak SAML client<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Open the Keycloak admin console and select the realm you created earlier. On the left side of the navigation, click on <strong>Clients<\/strong>.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15269\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image3-1024x327.png\" alt=\"Create the Keycloak SAML client \" width=\"900\" height=\"287\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image3-1024x327.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image3-300x96.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image3-768x245.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image3-1536x491.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image3-1320x422.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image3.png 1999w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">On this screen click <\/span><b>Create client:<\/b><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15270\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image20-1024x278.png\" alt=\"\" width=\"900\" height=\"244\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image20-1024x278.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image20-300x81.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image20-768x209.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image20-1536x417.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image20-1320x359.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image20.png 1999w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">Copy the <\/span><b>EntityID<\/b><span style=\"font-weight: 400;\"> from Capella and paste it into the Client ID field of keycloak. You can use any name that you like in the <\/span><b>Name<\/b><span style=\"font-weight: 400;\"> field.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">When you are ready, click the Next button. On this screen, you need to enter the Home URL and the redirect URIs as shown in the screenshot:<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15271\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image7-1-1024x561.png\" alt=\"\" width=\"900\" height=\"493\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image7-1-1024x561.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image7-1-300x164.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image7-1-768x421.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image7-1-1536x841.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image7-1-1320x723.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image7-1.png 1999w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">The new SAML client will be created in Keycloak when you click on the <\/span><b>Save<\/b><span style=\"font-weight: 400;\"> button.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Configure the Keycloak SAML client<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">You need to open the SAML client you have created and click on the <strong>Advanced<\/strong> tab. That will take you to a screen like this:<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15272\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image2-1-1024x829.png\" alt=\"Configure the Keycloak SAML client\" width=\"900\" height=\"729\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image2-1-1024x829.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image2-1-300x243.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image2-1-768x622.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image2-1-1536x1243.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image2-1-1320x1068.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image2-1.png 1999w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">On this screen, you only need to fill in the <\/span><b>Assertion Consumer Service POST Binding URL<\/b><span style=\"font-weight: 400;\">. You need to copy the Callback URL from Capella\u2019s Realm page and enter it in this field.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15273\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image5-1024x687.png\" alt=\"Assertion Consumer Service POST Binding URL\" width=\"900\" height=\"604\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image5-1024x687.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image5-300x201.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image5-768x515.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image5-1536x1030.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image5-400x267.png 400w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image5-1320x886.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image5.png 1999w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<h3><span style=\"font-weight: 400;\">Import client signatures<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">By default <\/span><b>Client signature required<\/b><span style=\"font-weight: 400;\"> is enabled in Keycloak. In that case Keycloak will validate the SAML request. In order to do that, we need to save Capella\u2019s SAML public key and import it into Keycloak.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">First we need to save the Certificate from Capella. Open your SSO settings page in Capella.\u00a0<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15274\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image18-1024x311.png\" alt=\"\" width=\"900\" height=\"273\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image18-1024x311.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image18-300x91.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image18-768x233.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image18-1536x466.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image18-1320x401.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image18.png 1999w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">Open the URL shown as <\/span><b>Signature Certificate<\/b> <a href=\"https:\/\/couchbase-capella.us.auth0.com\/pem?cert=connection\"><span style=\"font-weight: 400;\">https:\/\/couchbase-capella.us.auth0.com\/pem?cert=connection<\/span><\/a><span style=\"font-weight: 400;\"> in a new tab. This will trigger a download. The file will be called couchbase-capella.pem. This certificate is used to verify the signature on the SAML assertion that is sent to Keycloak. It is not the same as the security certificate of the Couchbase Database.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Now you need to log back into Keycloak and open the client that you created before. Go to the <strong>Keys<\/strong> tab.\u00a0<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15275\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image6-1-1024x662.png\" alt=\"\" width=\"900\" height=\"582\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image6-1-1024x662.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image6-1-300x194.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image6-1-768x496.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image6-1-1536x993.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image6-1-1320x853.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image6-1.png 1990w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Click on<\/span> <span style=\"font-weight: 400;\">the<\/span><b> Import key <\/b><span style=\"font-weight: 400;\">button<\/span><b>.<\/b><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Select Certificate PEM in the <\/span><b>Archive format<\/b><span style=\"font-weight: 400;\"> dropdown.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Click on browse to select file and find the file you have just saved from Capella<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15276\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image8-1-1024x430.png\" alt=\"\" width=\"900\" height=\"378\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image8-1-1024x430.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image8-1-300x126.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image8-1-768x322.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image8-1-1536x644.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image8-1-1320x554.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image8-1.png 1912w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Click Import to load Capella\u2019s certificate into Keycloak<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2><span style=\"font-weight: 400;\">Step 4: Configure SAML Mappers<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Now the SAML client is ready. In the next step we will configure the necessary SAML mappers that will allow Capella to read the user details from the Assertion when the user is logging in.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Open the SAML client we have just created, and click on the <\/span><b>Client Scopes<\/b><span style=\"font-weight: 400;\"> tab:<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15277\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image1-1-1024x422.png\" alt=\"\" width=\"900\" height=\"371\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image1-1-1024x422.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image1-1-300x124.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image1-1-768x316.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image1-1-1536x632.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image1-1-1320x543.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image1-1.png 1999w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">You should see a client scope named after your client id and a dash and dedicated. You need to click on that link to add custom mappers.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Once you click on that button you should see the following screen:<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15278\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image22-1024x452.png\" alt=\"\" width=\"900\" height=\"397\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image22-1024x452.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image22-300x133.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image22-768x339.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image22-1536x678.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image22-1320x583.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image22.png 1999w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<h3><span style=\"font-weight: 400;\">Add the surname mapper<\/span><\/h3>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Click on the add <\/span><b>configure a new mapper<\/b><span style=\"font-weight: 400;\"> button<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Select User property from the list of mappers.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15279\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image4-1-1024x87.png\" alt=\"Map a built in user property\" width=\"900\" height=\"76\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image4-1-1024x87.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image4-1-300x25.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image4-1-768x65.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image4-1-1536x130.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image4-1-1320x112.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image4-1.png 1626w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Fill the form using the following values:<br \/>\n<\/span><b>Name<\/b><span>: X500 surname<br \/>\n<b>Property<\/b><span>: lastName<br \/>\n<b>Friendly Name<\/b><span>: surname<br \/>\n<b>SAML Attribute Name<\/b><span>: family_name<br \/>\n<b>SAML Attribute NameFormat:<\/b><span>\u00a0 Unspecified<\/span><br \/>\n<\/span><\/span><\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15280\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image13-1-1024x621.png\" alt=\"\" width=\"900\" height=\"546\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image13-1-1024x621.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image13-1-300x182.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image13-1-768x466.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image13-1-1536x931.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image13-1-1320x800.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image13-1.png 1778w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">Click <\/span><b>save<\/b><span style=\"font-weight: 400;\">. Once you see the confirmation message, you need to click on the <\/span><b>Dedicated scopes <\/b><span style=\"font-weight: 400;\">link to add the next mapper.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15281\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image23-1024x284.png\" alt=\"\" width=\"900\" height=\"250\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image23-1024x284.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image23-300x83.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image23-768x213.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image23-1536x426.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image23-1320x366.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image23.png 1999w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">Now we are ready to add the next mapper.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Add the firstName mapper<\/span><\/h3>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Click on the <\/span><b>Add mapper <\/b><span style=\"font-weight: 400;\">\u00a0button and select <\/span><b>By configuration<\/b><span style=\"font-weight: 400;\">.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Select User property from the list of mappers.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><img decoding=\"async\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image4-1-1024x87.png\" \/><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Fill the form using the following values:<br \/>\n<\/span><b>Name<\/b><span>: X500 givenName<br \/>\n<b>Property<\/b><span>: firstName<br \/>\n<b>Friendly Name<\/b><span>: givenName<br \/>\n<b>SAML Attribute Name<\/b><span>: given_name<br \/>\n<b>SAML Attribute NameFormat:<\/b><span>\u00a0 Unspecified<\/span><br \/>\n<\/span><\/span><\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15282\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image26-1024x709.png\" alt=\"\" width=\"900\" height=\"623\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image26-1024x709.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image26-300x208.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image26-768x532.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image26-1536x1064.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image26-1320x915.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image26.png 1810w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">Click <\/span><b>save<\/b><span style=\"font-weight: 400;\">. Once you see the confirmation message (Mapping successfully created), you need to click on the <\/span><b>Dedicated scopes <\/b><span style=\"font-weight: 400;\">link to add the next mapper.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15283\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image17-1-1024x324.png\" alt=\"\" width=\"900\" height=\"285\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image17-1-1024x324.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image17-1-300x95.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image17-1-768x243.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image17-1-1536x486.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image17-1-1320x417.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image17-1.png 1999w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">Now we are ready to add the final mapper.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Add the email mapper<\/span><\/h3>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Click on the <\/span><b>Add mapper <\/b><span style=\"font-weight: 400;\">\u00a0button and select <\/span><b>By configuration<\/b><span style=\"font-weight: 400;\">.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Select User property from the list of mappers.<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p style=\"padding-left: 40px;\"><img decoding=\"async\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image4-1-1024x87.png\" \/><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Fill the form using the following values:<br \/>\n<b>Name<\/b><span>: X500 email<br \/>\n<b>Property<\/b><span>: email<br \/>\n<\/span><\/span><\/span><b>Friendly Name<\/b><span>: email<br \/>\n<\/span><b>SAML Attribute Name<\/b><span>: email<br \/>\n<\/span><b>SAML Attribute NameFormat:<\/b><span>\u00a0 Unspecified<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15284\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image11-1-1024x652.png\" alt=\"\" width=\"900\" height=\"573\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image11-1-1024x652.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image11-1-300x191.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image11-1-768x489.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image11-1-1536x977.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image11-1-1320x840.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image11-1.png 1980w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">Click <\/span><b>save<\/b><span style=\"font-weight: 400;\">. Once you see the confirmation message, you need to click on the <\/span><b>Dedicated scopes <\/b><span style=\"font-weight: 400;\">link to see the full list of mappers. At this point you should see all three of them.<\/span><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15285\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image15-1-1024x338.png\" alt=\"\" width=\"900\" height=\"297\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image15-1-1024x338.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image15-1-300x99.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image15-1-768x253.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image15-1-1536x506.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image15-1-1320x435.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image15-1.png 1999w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<h2><span style=\"font-weight: 400;\">Step 5: Testing the integration<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">In order to start testing, you need at least one user\u00a0 in your realm. You can use existing users or create a user just for testing the integration. Also make sure you are logged out from Capella before you start the testing.<\/span><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Open <\/span><a href=\"https:\/\/cloud.couchbase.com\"><span style=\"font-weight: 400;\">https:\/\/cloud.couchbase.com<\/span><\/a><span style=\"font-weight: 400;\">\u00a0<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p style=\"padding-left: 40px;\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15286\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image16-1-792x1024.png\" alt=\"\" width=\"792\" height=\"1024\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image16-1-792x1024.png 792w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image16-1-232x300.png 232w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image16-1-768x993.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image16-1-1188x1536.png 1188w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image16-1-300x388.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image16-1-1320x1707.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image16-1.png 1338w\" sizes=\"auto, (max-width: 792px) 100vw, 792px\" \/><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Click on Use <\/span><b>Single Sign-On<\/b><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Enter your Capella SSO realm name<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15287\" src=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image9-1-1024x863.png\" alt=\"\" width=\"900\" height=\"758\" srcset=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image9-1-1024x863.png 1024w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image9-1-300x253.png 300w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image9-1-768x648.png 768w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image9-1-1536x1295.png 1536w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image9-1-1320x1113.png 1320w, https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image9-1.png 1914w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">Once you enter your tenant name, you will be forwarded to your Keycloak. You need to use your test user and credential to log in. At the end of the login flow you will be logged into Capella.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Please note: Capella uses JIT user provisioning. Capella will create a user automatically at the first time you log-in with a user through your Identity provider.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Conclusion<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Integrating a SAML client with Keycloak allows you to leverage Keycloak&#8217;s powerful identity management features, enabling seamless single sign-on functionality in Capella. By following the step-by-step guide provided in this blog, you should now have the knowledge and tools necessary to successfully integrate Capella with Keycloak, ensuring secure user authentication and a streamlined user experience.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Keycloak, an open-source single sign-on (SSO) and identity management solution, offers seamless integration capabilities with various client applications. In this tutorial, we&#8217;ll explore the process of integrating a Security Assertion Markup Language (SAML) client with Keycloak, enabling convenient and secure [&hellip;]<\/p>\n","protected":false},"author":84313,"featured_media":15288,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[2225,1813],"tags":[9454,9916,9917],"ppma_author":[9812],"class_list":["post-15261","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud","category-security","tag-cloud-database","tag-keycloak","tag-sso"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>How to use Keycloak for SSO login with Couchbase Capella - The Couchbase Blog<\/title>\n<meta name=\"description\" content=\"Integrating a SAML client with Keycloak allows you to leverage Keycloak&#039;s powerful identity management features, enabling seamless single sign-on functionality in Capella.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.couchbase.com\/blog\/couchbase-capella-keycloak-sso\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to use Keycloak for SSO login with Couchbase Capella\" \/>\n<meta property=\"og:description\" content=\"Integrating a SAML client with Keycloak allows you to leverage Keycloak&#039;s powerful identity management features, enabling seamless single sign-on functionality in Capella.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.couchbase.com\/blog\/couchbase-capella-keycloak-sso\/\" \/>\n<meta property=\"og:site_name\" content=\"The Couchbase Blog\" \/>\n<meta property=\"article:published_time\" content=\"2024-01-26T02:55:27+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-02-05T20:03:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image24.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Istvan Orban\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Istvan Orban\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/couchbase-capella-keycloak-sso\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/couchbase-capella-keycloak-sso\\\/\"},\"author\":{\"name\":\"Istvan Orban, Principal Product Manager\",\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/#\\\/schema\\\/person\\\/da80693db66ef61daaabe98bc56afc26\"},\"headline\":\"How to use Keycloak for SSO login with Couchbase Capella\",\"datePublished\":\"2024-01-26T02:55:27+00:00\",\"dateModified\":\"2024-02-05T20:03:13+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/couchbase-capella-keycloak-sso\\\/\"},\"wordCount\":1352,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/couchbase-capella-keycloak-sso\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/1\\\/2024\\\/01\\\/image24.png\",\"keywords\":[\"cloud database\",\"keycloak\",\"SSO\"],\"articleSection\":[\"Couchbase Capella\",\"Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/couchbase-capella-keycloak-sso\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/couchbase-capella-keycloak-sso\\\/\",\"url\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/couchbase-capella-keycloak-sso\\\/\",\"name\":\"How to use Keycloak for SSO login with Couchbase Capella - The Couchbase Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/couchbase-capella-keycloak-sso\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/couchbase-capella-keycloak-sso\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/1\\\/2024\\\/01\\\/image24.png\",\"datePublished\":\"2024-01-26T02:55:27+00:00\",\"dateModified\":\"2024-02-05T20:03:13+00:00\",\"description\":\"Integrating a SAML client with Keycloak allows you to leverage Keycloak's powerful identity management features, enabling seamless single sign-on functionality in Capella.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/couchbase-capella-keycloak-sso\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/couchbase-capella-keycloak-sso\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/couchbase-capella-keycloak-sso\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/1\\\/2024\\\/01\\\/image24.png\",\"contentUrl\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/1\\\/2024\\\/01\\\/image24.png\",\"width\":1024,\"height\":1024,\"caption\":\"How to use Keycloak as an IDP to login into Capella\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/couchbase-capella-keycloak-sso\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to use Keycloak for SSO login with Couchbase Capella\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/\",\"name\":\"The Couchbase Blog\",\"description\":\"Couchbase, the NoSQL Database\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/#organization\",\"name\":\"The Couchbase Blog\",\"url\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/admin-logo.png\",\"contentUrl\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/admin-logo.png\",\"width\":218,\"height\":34,\"caption\":\"The Couchbase Blog\"},\"image\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/#\\\/schema\\\/person\\\/da80693db66ef61daaabe98bc56afc26\",\"name\":\"Istvan Orban, Principal Product Manager\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/1\\\/2023\\\/04\\\/image_2023-04-25_205027722.pngc873b4cba9199faca7f2d3db2f443f81\",\"url\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/1\\\/2023\\\/04\\\/image_2023-04-25_205027722.png\",\"contentUrl\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/1\\\/2023\\\/04\\\/image_2023-04-25_205027722.png\",\"caption\":\"Istvan Orban, Principal Product Manager\"},\"description\":\"Istvan Orban is the Principal Product Manager for Couchbase and lives in the United Kingdom. Istvan has a wide range of experience as a Full stack Software Engineer, Team leader and Devops Engineer. His main focus is security and Single Sign On. Istvan has led several large scale projects of his 20 year professional career.\",\"url\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/author\\\/istvanorban\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"How to use Keycloak for SSO login with Couchbase Capella - The Couchbase Blog","description":"Integrating a SAML client with Keycloak allows you to leverage Keycloak's powerful identity management features, enabling seamless single sign-on functionality in Capella.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.couchbase.com\/blog\/couchbase-capella-keycloak-sso\/","og_locale":"en_US","og_type":"article","og_title":"How to use Keycloak for SSO login with Couchbase Capella","og_description":"Integrating a SAML client with Keycloak allows you to leverage Keycloak's powerful identity management features, enabling seamless single sign-on functionality in Capella.","og_url":"https:\/\/www.couchbase.com\/blog\/couchbase-capella-keycloak-sso\/","og_site_name":"The Couchbase Blog","article_published_time":"2024-01-26T02:55:27+00:00","article_modified_time":"2024-02-05T20:03:13+00:00","og_image":[{"width":1024,"height":1024,"url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2024\/01\/image24.png","type":"image\/png"}],"author":"Istvan Orban","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Istvan Orban","Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.couchbase.com\/blog\/couchbase-capella-keycloak-sso\/#article","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/couchbase-capella-keycloak-sso\/"},"author":{"name":"Istvan Orban, Principal Product Manager","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/da80693db66ef61daaabe98bc56afc26"},"headline":"How to use Keycloak for SSO login with Couchbase Capella","datePublished":"2024-01-26T02:55:27+00:00","dateModified":"2024-02-05T20:03:13+00:00","mainEntityOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/couchbase-capella-keycloak-sso\/"},"wordCount":1352,"commentCount":0,"publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/couchbase-capella-keycloak-sso\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image24.png","keywords":["cloud database","keycloak","SSO"],"articleSection":["Couchbase Capella","Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.couchbase.com\/blog\/couchbase-capella-keycloak-sso\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.couchbase.com\/blog\/couchbase-capella-keycloak-sso\/","url":"https:\/\/www.couchbase.com\/blog\/couchbase-capella-keycloak-sso\/","name":"How to use Keycloak for SSO login with Couchbase Capella - The Couchbase Blog","isPartOf":{"@id":"https:\/\/www.couchbase.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.couchbase.com\/blog\/couchbase-capella-keycloak-sso\/#primaryimage"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/couchbase-capella-keycloak-sso\/#primaryimage"},"thumbnailUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image24.png","datePublished":"2024-01-26T02:55:27+00:00","dateModified":"2024-02-05T20:03:13+00:00","description":"Integrating a SAML client with Keycloak allows you to leverage Keycloak's powerful identity management features, enabling seamless single sign-on functionality in Capella.","breadcrumb":{"@id":"https:\/\/www.couchbase.com\/blog\/couchbase-capella-keycloak-sso\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.couchbase.com\/blog\/couchbase-capella-keycloak-sso\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/couchbase-capella-keycloak-sso\/#primaryimage","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image24.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2024\/01\/image24.png","width":1024,"height":1024,"caption":"How to use Keycloak as an IDP to login into Capella"},{"@type":"BreadcrumbList","@id":"https:\/\/www.couchbase.com\/blog\/couchbase-capella-keycloak-sso\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.couchbase.com\/blog\/"},{"@type":"ListItem","position":2,"name":"How to use Keycloak for SSO login with Couchbase Capella"}]},{"@type":"WebSite","@id":"https:\/\/www.couchbase.com\/blog\/#website","url":"https:\/\/www.couchbase.com\/blog\/","name":"The Couchbase Blog","description":"Couchbase, the NoSQL Database","publisher":{"@id":"https:\/\/www.couchbase.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.couchbase.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.couchbase.com\/blog\/#organization","name":"The Couchbase Blog","url":"https:\/\/www.couchbase.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/2023\/04\/admin-logo.png","width":218,"height":34,"caption":"The Couchbase Blog"},"image":{"@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.couchbase.com\/blog\/#\/schema\/person\/da80693db66ef61daaabe98bc56afc26","name":"Istvan Orban, Principal Product Manager","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/04\/image_2023-04-25_205027722.pngc873b4cba9199faca7f2d3db2f443f81","url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/04\/image_2023-04-25_205027722.png","contentUrl":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/04\/image_2023-04-25_205027722.png","caption":"Istvan Orban, Principal Product Manager"},"description":"Istvan Orban is the Principal Product Manager for Couchbase and lives in the United Kingdom. Istvan has a wide range of experience as a Full stack Software Engineer, Team leader and Devops Engineer. His main focus is security and Single Sign On. Istvan has led several large scale projects of his 20 year professional career.","url":"https:\/\/www.couchbase.com\/blog\/author\/istvanorban\/"}]}},"acf":[],"authors":[{"term_id":9812,"user_id":84313,"is_guest":0,"slug":"istvanorban","display_name":"Istvan Orban","avatar_url":{"url":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/04\/image_2023-04-25_205027722.png","url2x":"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/1\/2023\/04\/image_2023-04-25_205027722.png"},"0":null,"1":"","2":"","3":"","4":"","5":"","6":"","7":"","8":""}],"_links":{"self":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts\/15261","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/users\/84313"}],"replies":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/comments?post=15261"}],"version-history":[{"count":0,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/posts\/15261\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/media\/15288"}],"wp:attachment":[{"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/media?parent=15261"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/categories?post=15261"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/tags?post=15261"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.couchbase.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=15261"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}