{"id":3223,"date":"2024-01-25T18:55:27","date_gmt":"2024-01-26T02:55:27","guid":{"rendered":"https:\/\/www.couchbase.com\/blog\/couchbase-capella-keycloak-sso\/"},"modified":"2024-01-25T18:55:27","modified_gmt":"2024-01-26T02:55:27","slug":"couchbase-capella-keycloak-sso","status":"publish","type":"post","link":"https:\/\/www.couchbase.com\/blog\/couchbase-capella-keycloak-sso\/","title":{"rendered":"How to use Keycloak for SSO login with Couchbase Capella"},"content":{"rendered":"\n<p><a href=\"https:\/\/www.keycloak.org\/\"><span>Keycloak<\/span><\/a><span>, an open-source single sign-on (SSO) and identity management solution, offers seamless integration capabilities with various client applications. In this tutorial, we&#8217;ll explore the process of integrating a Security Assertion Markup Language (SAML) client with Keycloak, enabling convenient and secure user authentication.<\/span><\/p>\n\n\n\n<p><span>It is important to note that Keycloak is not tested or validated by Couchbase. Couchbase provides instructions and support for Microsoft Azure AD, Okta, Ping Identity, CyberArk, Google Workspace, and OneLogin.\u00a0<\/span><\/p>\n\n\n\n<p><span>We will demonstrate how to integrate SAML authentication using a generic SAML provider, in this case Keycloak. 
While any SAML provider can be utilized, we highly recommend using one of our supported services for optimal compatibility and a seamless integration experience.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span>Prerequisites<\/span><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span>I assume that you have a Keycloak instance up and running<\/span><\/li>\n\n\n<li><span>You have access to Capella as an Organization admin<\/span><\/li>\n\n\n<li><span>SSO has been enabled for your tenant<\/span><\/li>\n\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span>Step 1: Set Up Keycloak<\/span><\/h2>\n\n\n\n<p><span>It is outside the scope of this tutorial to explain how to deploy Keycloak as an Identity Provider. I assume that you already have a functioning Keycloak instance and it is ready to be utilized.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span>Create a <\/span>realm<img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15263\" src=\"https:\/\/www.couchbase.com\/wp-content\/uploads\/sites\/5\/2026\/05\/image12-1-1024x369-1.png\" alt=\"create a keycloak realm\" width=\"900\" height=\"324\"><\/h3>\n\n\n\n<p><span>Create a new realm in Keycloak to manage your SAML client&#8217;s configuration. In our example, we will call this realm \u201cacme\u201d.<\/span><\/p>\n\n\n\n<p><span>Once the realm is created, we need to save the public key. The easiest way to do that is by opening the SAML Metadata endpoint.\u00a0<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span>Get the SAML configuration<\/span><\/h2>\n\n\n\n<p><span>Please click on the Realm settings on the left side. This will open the realm settings page. 
At the bottom of this page, there are two Metadata endpoints.\u00a0<\/span><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15264\" src=\"https:\/\/www.couchbase.com\/wp-content\/uploads\/sites\/5\/2026\/05\/image10-1024x577-1.png\" alt=\"get the SAML configuration\" width=\"900\" height=\"507\"><\/p>\n\n\n\n<p><span>You need to click on the <\/span><b>SAML 2.0 Identity Provider Metadata<\/b><span> link. The XML contains the SAML Metadata that you will need when you create your Capella SSO configuration.\u00a0<\/span><\/p>\n\n\n\n<p><span>SAML HTTP-POST binding:<\/span><\/p>\n\n\n<pre><code>&lt;md:SingleSignOnService Binding=&quot;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST&quot; Location=&quot;https:\/\/yourdomain.com\/realms\/acme\/protocol\/saml&quot;\/&gt;<\/code><\/pre>\n\n\n\n<p><span>The X.509 certificate:<\/span><\/p>\n\n\n<pre><code>&lt;ds:X509Certificate&gt;MIIClzCCAX8CBg&#8230;&#8230;==&lt;\/ds:X509Certificate&gt;<\/code><\/pre>\n\n\n\n<p><span>Make a note of these as we will need them in the next steps.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span>Step 2: Create a realm in Capella<\/span><\/h2>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15265\" src=\"https:\/\/www.couchbase.com\/wp-content\/uploads\/sites\/5\/2026\/05\/image19-1024x567-1.png\" alt=\"Create a realm in Capella\" width=\"900\" height=\"498\"><\/p>\n\n\n\n<p><span>In this step, we will create a Capella realm. In order to set this up, we need to copy the certificate we saved in step one into the <\/span><b>SAML Signing Certificate field<\/b><span>. 
We also have to copy the HTTP-POST binding URL to the <\/span><b>Sign-in Endpoint URL<\/b><span> field.<\/span><\/p>\n\n\n\n<p><span>The Signature Algorithm and Digest Algorithm should be left at their defaults.<\/span><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15266\" src=\"https:\/\/www.couchbase.com\/wp-content\/uploads\/sites\/5\/2026\/05\/image21-1024x291-1.png\" alt=\"Capella SAML Signing Certificate field\" width=\"900\" height=\"256\"><\/p>\n\n\n\n<p><span>Make sure the SAML Protocol Binding field is set to HTTP-POST:<\/span><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15267\" src=\"https:\/\/www.couchbase.com\/wp-content\/uploads\/sites\/5\/2026\/05\/image14-1-1024x154-1.png\" alt=\"SAML protocol binding\" width=\"900\" height=\"135\"><\/p>\n\n\n\n<p><span>At this point you are ready to create the realm.\u00a0<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span>Step 3: Create a Keycloak SAML client<\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\"><span>Display Capella Realm information<\/span><\/h3>\n\n\n\n<p><span>At this point, we have created the Capella Realm. Now, we are ready to create a SAML client in Keycloak.<\/span><\/p>\n\n\n\n<p><span>First, we need some information about the Capella realm. Click on the newly created realm name in Capella to display the realm information.<\/span><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15268\" src=\"https:\/\/www.couchbase.com\/wp-content\/uploads\/sites\/5\/2026\/05\/image25-1024x459-1.png\" alt=\"Display Capella realm information\" width=\"900\" height=\"403\"><\/p>\n\n\n\n<p><span>We will need to copy several pieces of information from this screen into Keycloak during the client creation process. 
Make a note of the following fields.<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span>Realm name<\/span><\/li>\n\n\n<li><span>Entity ID<\/span><\/li>\n\n\n<li><span>Callback URL<\/span><\/li>\n\n\n<li><span>Signature Certificate<\/span><\/li>\n\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\"><span>Create the Keycloak SAML client<\/span><\/h3>\n\n\n\n<p><span>Open the Keycloak admin console and select the realm you created earlier. On the left side of the navigation, click on <strong>Clients<\/strong>.<\/span><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15269\" src=\"https:\/\/www.couchbase.com\/wp-content\/uploads\/sites\/5\/2026\/05\/image3-1024x327-1.png\" alt=\"Create the Keycloak SAML client \" width=\"900\" height=\"287\"><\/p>\n\n\n\n<p><span>On this screen click <\/span><b>Create client:<\/b><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15270\" src=\"https:\/\/www.couchbase.com\/wp-content\/uploads\/sites\/5\/2026\/05\/image20-1024x278-1.png\" alt=\"\" width=\"900\" height=\"244\"><\/p>\n\n\n\n<p><span>Copy the <\/span><b>EntityID<\/b><span> from Capella and paste it into the Client ID field of Keycloak. You can use any name that you like in the <\/span><b>Name<\/b><span> field.\u00a0<\/span><\/p>\n\n\n\n<p><span>When you are ready, click the Next button. 
On this screen, you need to enter the Home URL and the redirect URIs as shown in the screenshot:<\/span><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15271\" src=\"https:\/\/www.couchbase.com\/wp-content\/uploads\/sites\/5\/2026\/05\/image7-1-1024x561-1.png\" alt=\"\" width=\"900\" height=\"493\"><\/p>\n\n\n\n<p><span>The new SAML client will be created in Keycloak when you click on the <\/span><b>Save<\/b><span> button.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span>Configure the Keycloak SAML client<\/span><\/h3>\n\n\n\n<p><span>You need to open the SAML client you have created and click on the <strong>Advanced<\/strong> tab. That will take you to a screen like this:<\/span><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15272\" src=\"https:\/\/www.couchbase.com\/wp-content\/uploads\/sites\/5\/2026\/05\/image2-1-1024x829-1.png\" alt=\"Configure the Keycloak SAML client\" width=\"900\" height=\"729\"><\/p>\n\n\n\n<p><span>On this screen, you only need to fill in the <\/span><b>Assertion Consumer Service POST Binding URL<\/b><span>. You need to copy the Callback URL from Capella\u2019s Realm page and enter it in this field.<\/span><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15273\" src=\"https:\/\/www.couchbase.com\/wp-content\/uploads\/sites\/5\/2026\/05\/image5-1024x687-1.png\" alt=\"Assertion Consumer Service POST Binding URL\" width=\"900\" height=\"604\"><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span>Import client signatures<\/span><\/h3>\n\n\n\n<p><span>By default <\/span><b>Client signature required<\/b><span> is enabled in Keycloak. In that case Keycloak will validate the SAML request. In order to do that, we need to save Capella\u2019s SAML public key and import it into Keycloak.\u00a0<\/span><\/p>\n\n\n\n<p><span>First we need to save the Certificate from Capella. 
Open your SSO settings page in Capella.\u00a0<\/span><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15274\" src=\"https:\/\/www.couchbase.com\/wp-content\/uploads\/sites\/5\/2026\/05\/image18-1024x311-1.png\" alt=\"\" width=\"900\" height=\"273\"><\/p>\n\n\n\n<p><span>Open the URL shown as <\/span><b>Signature Certificate<\/b> <a href=\"https:\/\/couchbase-capella.us.auth0.com\/pem?cert=connection\"><span>https:\/\/couchbase-capella.us.auth0.com\/pem?cert=connection<\/span><\/a><span> in a new tab. This will trigger a download. The file will be called couchbase-capella.pem. This certificate is used to verify the signature on the SAML assertion that is sent to Keycloak. It is not the same as the security certificate of the Couchbase Database.<\/span><\/p>\n\n\n\n<p><span>Now you need to log back into Keycloak and open the client that you created before. Go to the <strong>Keys<\/strong> tab.\u00a0<\/span><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15275\" src=\"https:\/\/www.couchbase.com\/wp-content\/uploads\/sites\/5\/2026\/05\/image6-1-1024x662-1.png\" alt=\"\" width=\"900\" height=\"582\"><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span>Click on<\/span> <span>the<\/span><b> Import key <\/b><span>button<\/span><b>.<\/b><\/li>\n\n\n<li><span>Select Certificate PEM in the <\/span><b>Archive format<\/b><span> dropdown.\u00a0<\/span><\/li>\n\n\n<li><span>Click on browse to select file and find the file you have just saved from Capella<\/span><\/li>\n\n<\/ul>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15276\" src=\"https:\/\/www.couchbase.com\/wp-content\/uploads\/sites\/5\/2026\/05\/image8-1-1024x430-1.png\" alt=\"\" width=\"900\" height=\"378\"><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span>Click Import to load Capella\u2019s certificate into Keycloak<\/span><\/li>\n\n<\/ul>\n\n\n\n<h2 
class=\"wp-block-heading\"><span>Step 4: Configure SAML Mappers<\/span><\/h2>\n\n\n\n<p><span>Now the SAML client is ready. In the next step we will configure the necessary SAML mappers that will allow Capella to read the user details from the Assertion when the user is logging in.<\/span><\/p>\n\n\n\n<p><span>Open the SAML client we have just created, and click on the <\/span><b>Client Scopes<\/b><span> tab:<\/span><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15277\" src=\"https:\/\/www.couchbase.com\/wp-content\/uploads\/sites\/5\/2026\/05\/image1-1-1024x422-1.png\" alt=\"\" width=\"900\" height=\"371\"><\/p>\n\n\n\n<p><span>You should see a client scope named after your client ID, followed by a dash and the word dedicated. You need to click on that link to add custom mappers.<\/span><\/p>\n\n\n\n<p><span>Once you click on that link you should see the following screen:<\/span><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15278\" src=\"https:\/\/www.couchbase.com\/wp-content\/uploads\/sites\/5\/2026\/05\/image22-1024x452-1.png\" alt=\"\" width=\"900\" height=\"397\"><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span>Add the surname mapper<\/span><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span>Click on the <\/span><b>configure a new mapper<\/b><span> button<\/span><\/li>\n\n\n<li><span>Select User property from the list of mappers.<\/span><\/li>\n\n<\/ul>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15279\" src=\"https:\/\/www.couchbase.com\/wp-content\/uploads\/sites\/5\/2026\/05\/image4-1-1024x87-1.png\" alt=\"Map a built in user property\" width=\"900\" height=\"76\"><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span>Fill the form using the following values:<br>\n<\/span><b>Name<\/b><span>: X500 surname<br>\n<b>Property<\/b><span>: lastName<br>\n<b>Friendly Name<\/b><span>: surname<br>\n<b>SAML Attribute Name<\/b><span>: 
family_name<br>\n<b>SAML Attribute NameFormat:<\/b><span>\u00a0 Unspecified<\/span><br>\n<\/span><\/span><\/span><\/span><\/li>\n\n<\/ul>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15280\" src=\"https:\/\/www.couchbase.com\/wp-content\/uploads\/sites\/5\/2026\/05\/image13-1-1024x621-1.png\" alt=\"\" width=\"900\" height=\"546\"><\/p>\n\n\n\n<p><span>Click <\/span><b>save<\/b><span>. Once you see the confirmation message, you need to click on the <\/span><b>Dedicated scopes <\/b><span>link to add the next mapper.<\/span><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15281\" src=\"https:\/\/www.couchbase.com\/wp-content\/uploads\/sites\/5\/2026\/05\/image23-1024x284-1.png\" alt=\"\" width=\"900\" height=\"250\"><\/p>\n\n\n\n<p><span>Now we are ready to add the next mapper.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span>Add the firstName mapper<\/span><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span>Click on the <\/span><b>Add mapper <\/b><span>\u00a0button and select <\/span><b>By configuration<\/b><span>.\u00a0<\/span><\/li>\n\n\n<li><span>Select User property from the list of mappers.<\/span><\/li>\n\n<\/ul>\n\n\n\n<p><img decoding=\"async\" src=\"https:\/\/www.couchbase.com\/wp-content\/uploads\/sites\/5\/2026\/05\/image4-1-1024x87-1.png\"><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span>Fill the form using the following values:<br>\n<\/span><b>Name<\/b><span>: X500 givenName<br>\n<b>Property<\/b><span>: firstName<br>\n<b>Friendly Name<\/b><span>: givenName<br>\n<b>SAML Attribute Name<\/b><span>: given_name<br>\n<b>SAML Attribute NameFormat:<\/b><span>\u00a0 Unspecified<\/span><br>\n<\/span><\/span><\/span><\/span><\/li>\n\n<\/ul>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15282\" src=\"https:\/\/www.couchbase.com\/wp-content\/uploads\/sites\/5\/2026\/05\/image26-1024x709-1.png\" alt=\"\" width=\"900\" 
height=\"623\"><\/p>\n\n\n\n<p><span>Click <\/span><b>save<\/b><span>. Once you see the confirmation message (Mapping successfully created), you need to click on the <\/span><b>Dedicated scopes <\/b><span>link to add the next mapper.<\/span><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15283\" src=\"https:\/\/www.couchbase.com\/wp-content\/uploads\/sites\/5\/2026\/05\/image17-1-1024x324-1.png\" alt=\"\" width=\"900\" height=\"285\"><\/p>\n\n\n\n<p><span>Now we are ready to add the final mapper.<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span>Add the email mapper<\/span><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span>Click on the <\/span><b>Add mapper <\/b><span>\u00a0button and select <\/span><b>By configuration<\/b><span>.\u00a0<\/span><\/li>\n\n\n<li><span>Select User property from the list of mappers.<\/span><\/li>\n\n<\/ul>\n\n\n\n<p><img decoding=\"async\" src=\"https:\/\/www.couchbase.com\/wp-content\/uploads\/sites\/5\/2026\/05\/image4-1-1024x87-1.png\"><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span>Fill the form using the following values:<br>\n<b>Name<\/b><span>: X500 email<br>\n<b>Property<\/b><span>: email<br>\n<\/span><\/span><\/span><b>Friendly Name<\/b><span>: email<br>\n<\/span><b>SAML Attribute Name<\/b><span>: email<br>\n<\/span><b>SAML Attribute NameFormat:<\/b><span>\u00a0 Unspecified<\/span><\/li>\n\n<\/ul>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15284\" src=\"https:\/\/www.couchbase.com\/wp-content\/uploads\/sites\/5\/2026\/05\/image11-1-1024x652-1.png\" alt=\"\" width=\"900\" height=\"573\"><\/p>\n\n\n\n<p><span>Click <\/span><b>save<\/b><span>. Once you see the confirmation message, you need to click on the <\/span><b>Dedicated scopes <\/b><span>link to see the full list of mappers. 
At this point you should see all three of them.<\/span><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15285\" src=\"https:\/\/www.couchbase.com\/wp-content\/uploads\/sites\/5\/2026\/05\/image15-1-1024x338-1.png\" alt=\"\" width=\"900\" height=\"297\"><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span>Step 5: Testing the integration<\/span><\/h2>\n\n\n\n<p><span>In order to start testing, you need at least one user in your realm. You can use existing users or create a user just for testing the integration. Also make sure you are logged out from Capella before you start testing.<\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span>Open <\/span><a href=\"https:\/\/cloud.couchbase.com\"><span>https:\/\/cloud.couchbase.com<\/span><\/a><span>\u00a0<\/span><\/li>\n\n<\/ul>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15286\" src=\"https:\/\/www.couchbase.com\/wp-content\/uploads\/sites\/5\/2026\/05\/image16-1-792x1024-1.png\" alt=\"\" width=\"792\" height=\"1024\"><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span>Click on Use <\/span><b>Single Sign-On<\/b><\/li>\n\n\n<li><span>Enter your Capella SSO realm name<\/span><\/li>\n\n<\/ul>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-large wp-image-15287\" src=\"https:\/\/www.couchbase.com\/wp-content\/uploads\/sites\/5\/2026\/05\/image9-1-1024x863-1.png\" alt=\"\" width=\"900\" height=\"758\"><\/p>\n\n\n\n<p><span>Once you enter your tenant name, you will be forwarded to your Keycloak instance. You need to use your test user's credentials to log in. At the end of the login flow you will be logged into Capella.\u00a0<\/span><\/p>\n\n\n\n<p><span>Please note: Capella uses just-in-time (JIT) user provisioning. 
Capella will create the user automatically the first time you log in with that user through your identity provider.<\/span><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span>Conclusion<\/span><\/h2>\n\n\n\n<p><span>Integrating a SAML client with Keycloak allows you to leverage Keycloak&#8217;s powerful identity management features, enabling seamless single sign-on functionality in Capella. By following the step-by-step guide provided in this blog, you should now have the knowledge and tools necessary to successfully integrate Capella with Keycloak, ensuring secure user authentication and a streamlined user experience.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Keycloak, an open-source single sign-on (SSO) and identity management solution, offers seamless integration capabilities with various client applications. In this tutorial, we&#8217;ll explore the process of integrating a Security Assertion Markup Language (SAML) client with Keycloak, enabling convenient and secure user authentication. 
It is important to note that Keycloak is not tested or validated by [&hellip;]<\/p>\n","protected":false},"author":84313,"featured_media":3220,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[301,94],"tags":[532,789,790],"ppma_author":[651],"class_list":["post-3223","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud","category-security","tag-cloud-database","tag-keycloak","tag-sso"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.6 (Yoast SEO v27.6) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>How to use Keycloak for SSO login with Couchbase Capella - The Couchbase Blog<\/title>\n<meta name=\"description\" content=\"Integrating a SAML client with Keycloak allows you to leverage Keycloak&#039;s powerful identity management features, enabling seamless single sign-on functionality in Capella.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.couchbase.com\/blog\/couchbase-capella-keycloak-sso\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to use Keycloak for SSO login with Couchbase Capella\" \/>\n<meta property=\"og:description\" content=\"Integrating a SAML client with Keycloak allows you to leverage Keycloak&#039;s powerful identity management features, enabling seamless single sign-on functionality in Capella.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.couchbase.com\/blog\/couchbase-capella-keycloak-sso\/\" \/>\n<meta property=\"og:site_name\" content=\"The Couchbase Blog\" \/>\n<meta property=\"article:published_time\" content=\"2024-01-26T02:55:27+00:00\" \/>\n<meta property=\"og:image\" 
content=\"https:\/\/www.couchbase.com\/blog\/wp-content\/uploads\/sites\/5\/2026\/05\/image24.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"1024\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Istvan Orban, Principal Product Manager\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Istvan Orban, Principal Product Manager\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/couchbase-capella-keycloak-sso\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/couchbase-capella-keycloak-sso\\\/\"},\"author\":{\"name\":\"Istvan Orban, Principal Product Manager\",\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/#\\\/schema\\\/person\\\/da80693db66ef61daaabe98bc56afc26\"},\"headline\":\"How to use Keycloak for SSO login with Couchbase Capella\",\"datePublished\":\"2024-01-26T02:55:27+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/couchbase-capella-keycloak-sso\\\/\"},\"wordCount\":1404,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/couchbase-capella-keycloak-sso\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/5\\\/2026\\\/05\\\/image24.png\",\"keywords\":[\"cloud database\",\"keycloak\",\"SSO\"],\"articleSection\":[\"Couchbase 
Capella\",\"Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/couchbase-capella-keycloak-sso\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/couchbase-capella-keycloak-sso\\\/\",\"url\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/couchbase-capella-keycloak-sso\\\/\",\"name\":\"How to use Keycloak for SSO login with Couchbase Capella - The Couchbase Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/couchbase-capella-keycloak-sso\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/couchbase-capella-keycloak-sso\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/5\\\/2026\\\/05\\\/image24.png\",\"datePublished\":\"2024-01-26T02:55:27+00:00\",\"description\":\"Integrating a SAML client with Keycloak allows you to leverage Keycloak's powerful identity management features, enabling seamless single sign-on functionality in 
Capella.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/couchbase-capella-keycloak-sso\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/couchbase-capella-keycloak-sso\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/couchbase-capella-keycloak-sso\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/5\\\/2026\\\/05\\\/image24.png\",\"contentUrl\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/5\\\/2026\\\/05\\\/image24.png\",\"width\":1024,\"height\":1024},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/couchbase-capella-keycloak-sso\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to use Keycloak for SSO login with Couchbase Capella\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/\",\"name\":\"The Couchbase Blog\",\"description\":\"Couchbase, the NoSQL Database\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/#organization\",\"name\":\"The Couchbase 
Blog\",\"url\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/5\\\/2026\\\/06\\\/logo.svg\",\"contentUrl\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/wp-content\\\/uploads\\\/sites\\\/5\\\/2026\\\/06\\\/logo.svg\",\"width\":\"1024\",\"height\":\"1024\",\"caption\":\"The Couchbase Blog\"},\"image\":{\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/#\\\/schema\\\/person\\\/da80693db66ef61daaabe98bc56afc26\",\"name\":\"Istvan Orban, Principal Product Manager\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e9cd4de97ab3b6e0a219e0b467b88ea85c7ff3b03396cd7f444828012befe66a?s=96&d=mm&r=g1f058fdc7ceeed323cb0993693c690e0\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e9cd4de97ab3b6e0a219e0b467b88ea85c7ff3b03396cd7f444828012befe66a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/e9cd4de97ab3b6e0a219e0b467b88ea85c7ff3b03396cd7f444828012befe66a?s=96&d=mm&r=g\",\"caption\":\"Istvan Orban, Principal Product Manager\"},\"description\":\"Istvan Orban is the Principal Product Manager for Couchbase and lives in the United Kingdom. Istvan has a wide range of experience as a Full stack Software Engineer, Team leader and Devops Engineer. His main focus is security and Single Sign On. Istvan has led several large scale projects of his 20 year professional career.\",\"url\":\"https:\\\/\\\/www.couchbase.com\\\/blog\\\/author\\\/istvanorban\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"How to use Keycloak for SSO login with Couchbase Capella - The Couchbase Blog","description":"Integrating a SAML client with Keycloak allows you to leverage Keycloak's powerful identity management features, enabling seamless single sign-on functionality in Capella.","canonical":"https:\/\/www.couchbase.com\/blog\/couchbase-capella-keycloak-sso\/","article_published_time":"2024-01-26T02:55:27+00:00","author":"Istvan Orban, Principal Product Manager","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","headline":"How to use Keycloak for SSO login with Couchbase Capella","datePublished":"2024-01-26T02:55:27+00:00","keywords":["cloud database","keycloak","SSO"],"articleSection":["Couchbase Capella","Security"],"inLanguage":"en-US"},{"@type":"Person","name":"Istvan Orban, Principal Product Manager","description":"Istvan Orban is the Principal Product Manager for Couchbase and lives in the United Kingdom. Istvan has a wide range of experience as a Full stack Software Engineer, Team leader and Devops Engineer. His main focus is security and Single Sign On. Istvan has led several large scale projects of his 20 year professional career.","url":"https:\/\/www.couchbase.com\/blog\/author\/istvanorban\/"}]}},"authors":[{"term_id":651,"user_id":84313,"is_guest":0,"slug":"istvanorban","display_name":"Istvan Orban, Principal Product Manager"}]}