SAML | Configure KeyCloak as IDP

Setting up KeyCloak

  1. Download KeyCloak from the official website (v25 was used here).
  2. Open conf/keycloak.conf and set the hostname.
  3. Run sh kc.sh start-dev.
  4. Create a user and login at http://localhost:8080

Setting up the IDP

  1. To enable logging, go to Realm Settings → Events → User Events Settings and turn them on.
  2. Download the metadata from SDP, go to Clients → Import client and drop this XML file.
  3. Turn off Client signature required, click Import, then choose the NameID format and click Save.
  4. Go to Client scopes and remove the default role_list (it emits multiple "role" attributes, which causes error code 37).
  5. Choose the scope for your app (ME_xxxx) and, while adding a new mapper, click User Attribute Mapper For NameID.
  6. Configure the NameID format and the value, cross-checking the attribute name against Realm settings → User profile.
  7. For additional attributes, choose User Property, give a display name, and the SAML Attribute Name (to be entered in SDP).
  8. Signing, if required, can be configured under the Keys section.

Setting up SDP

  1. In KeyCloak, go to Realm Settings → Endpoints → SAML 2.0 Identity Provider Metadata and copy the Location URL of the SingleSignOnService entry whose Binding is urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect; this is entered in SDP as the Login URL.
  2. Copy the X509Certificate string, replace the middle part (between the BEGIN and END CERTIFICATE lines) of a newly downloaded .cer file from SDP with it, and upload the file to SDP.
  3. In SDP, Choose the Name ID format and algorithm as you saw in KeyCloak.
  4. For additional attributes, enter the SAML Attribute Name that you copied earlier.
  5. KeyCloak expects redirect binding, so run the following query and restart SDP:
update samlidp set binding='Redirect';
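The two manual copy steps above (find the HTTP-Redirect login URL in the KeyCloak metadata, and turn the bare X509Certificate string into a PEM .cer file) and the role_list problem from the IDP section (several attributes with the same name in one assertion) can be checked with a small script. The following is an added example, not code from this page, KeyCloak or ManageEngine: the metadata and assertion are constructed inline with the shape of KeyCloak's SAML descriptor, the hostname and realm are placeholders, and the certificate is a fake DER blob rather than a real certificate.

```python
"""Pull the SAML settings SDP needs out of KeyCloak IdP metadata
(HTTP-Redirect login URL, signing certificate as PEM) and flag duplicate
attribute names in a SAML assertion. Sample data is constructed."""
import base64
import xml.etree.ElementTree as ET
from collections import Counter

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed stand-in for a DER certificate: an ASN.1 SEQUENCE header plus
# filler bytes, NOT a real certificate. Real metadata carries the realm's
# actual signing certificate here.
FAKE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
FAKE_CERT_B64 = base64.b64encode(FAKE_DER).decode()

# Constructed metadata shaped like KeyCloak's SAML 2.0 IdP descriptor
# (hostname and realm are placeholders). KeyCloak lists the same Location
# under both bindings; SDP must be given the HTTP-Redirect one.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}"
    xmlns:ds="{NS['ds']}" entityID="https://keycloak.example/realms/demo">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>{FAKE_CERT_B64}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="{POST_BINDING}"
        Location="https://keycloak.example/realms/demo/protocol/saml"/>
    <md:SingleSignOnService Binding="{REDIRECT_BINDING}"
        Location="https://keycloak.example/realms/demo/protocol/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed assertion showing what the default role_list scope produces:
# one <Attribute Name="Role"> per realm role instead of a single attribute.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{NS['saml']}" ID="_constructed"
    Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:AttributeStatement>
    <saml:Attribute Name="Role"><saml:AttributeValue>admin</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Role"><saml:AttributeValue>user</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>a@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def to_pem(cert_b64: str) -> str:
    """Wrap the raw base64 from <ds:X509Certificate> in PEM armour with
    64-character lines, i.e. the 'middle part' of a .cer file."""
    raw = base64.b64decode("".join(cert_b64.split()), validate=True)
    if raw[:1] != b"\x30":  # DER certificates start with a SEQUENCE tag
        raise ValueError("certificate is not DER (no leading SEQUENCE)")
    body = base64.b64encode(raw).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")


def extract_idp_settings(metadata_xml: str) -> dict:
    """Return entity ID, HTTP-Redirect login URL and signing certs (PEM)."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    login_url = None
    for sso in idp.findall("md:SingleSignOnService", NS):
        if sso.get("Binding") == REDIRECT_BINDING:
            login_url = sso.get("Location")
    if login_url is None:
        raise ValueError("metadata has no HTTP-Redirect SingleSignOnService")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor without 'use' is valid for both signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            certs.append(to_pem(cert.text or ""))
    if not certs:
        raise ValueError("metadata has no signing certificate")
    return {"entity_id": root.get("entityID"), "login_url": login_url,
            "signing_certs_pem": certs}


def duplicate_attribute_names(assertion_xml: str) -> dict:
    """Return {name: count} for attribute names that occur more than once."""
    root = ET.fromstring(assertion_xml)
    counts = Counter(a.get("Name") for a in root.iter(f"{{{NS['saml']}}}Attribute"))
    return {name: n for name, n in counts.items() if n > 1}


if __name__ == "__main__":
    settings = extract_idp_settings(SAMPLE_METADATA)
    print("Login URL for SDP:", settings["login_url"])
    print(settings["signing_certs_pem"][0])
    print("Duplicate attribute names:", duplicate_attribute_names(SAMPLE_ASSERTION))
```

Against a live realm, replace SAMPLE_METADATA with the body of the SAML 2.0 Identity Provider Metadata URL; an empty result from duplicate_attribute_names on a decoded SAML response confirms the role_list scope has been removed.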
