Keycloak is an open-source identity and access management solution that provides a comprehensive set of tools and features to help developers quickly implement secure user authentication and authorization mechanisms.
This article does not cover deployment or explanation of Keycloak. For more information, please refer to the official documentation.

Protocol Configuration

1. Get ACS URL

Log in to the Flashduty console and obtain the ACS URL (needed in subsequent steps).
Path: Access Control => Single Sign-On => Settings => SAML2.0 Protocol => Flashduty Service Provider Info => Assertion Consumer Service URL

2. Create Client

Log in to the Keycloak console, path: Clients => Create client
  • Client Type: Select SAML protocol
  • Client ID: Enter flashcat.cloud (fixed value, cannot be changed)
  • Valid redirect URIs: Enter the ACS URL obtained from Flashduty

3. Configure Client Information

  • Change Name ID format to email type.
  • Set Client signature required to disabled.
  • Create Client scope. Before creating, delete the previous OpenID Connect protocol user first, then set it as Default after creation. Create email/phone/username types.
  • Add users to the Client.
  • Configure email/phone/username mappers (using email as example, configure others similarly).

4. Download XML File

The downloaded file is a compressed package. After extracting locally, there will be two xml files; only the idp-metadata.xml file is needed.
Download locally from Client => Action.
Upload the XML file to Flashduty’s single sign-on configuration.

5. Create User and Test Login

Create user (must bind an email address).
Login test: Visit console.flashcat.cloud, select SSO login, enter the login domain prefix from single sign-on configuration in the domain field.