Keycloak is an open source identity and access management solution which mainly aims at applications and services. In this blog post we will try to integrate KeyCloak as the identity platform for SAP Cloud Foundry.

Iam not going to stress on Installing KeyCloak, but install Keycloak as a publicly accessible instance. You can use standalone installation / Docker / Kubernetes setups of Keycloak .

The configuration will be done in the master realm. If i open the url of the keycloak i will be first seeing the following.

When you click the Administration Console, you will be shown the master realm login. Master Realm is tenant used for configuring Keycloak

You can create a new Realm. Please donot use the Master Realm, since you will have problem with auth from your app and administration

Click Clients -> Create in your keycloak instance.

Paralelly login into your SAP CF SuAccount and click Trust Configuration and click SAML metadata

 

 

Save the metadata File, and import the same in Client

Once you save a new client will be created,

 

Now we will export the SAML metadata from this Realm and import it in SAP CF Trust Configuration

 

Save the SAML Metadata after clicking the SAML2.0 Identity Provider Metadata and we will import the same by clicking New trust Configuration in the SAP CF Trust Configuration

 

Now that the configuration is done, we need to enable this provider and disable others for it be tested...

Now if you access your application, it will redirect to Keycloak for logging in.

 

In the next part we will be focusing on passing Attributes (like first_name, last_name and Groups) to your app especially if you are using Fiori Launchpad for your apps.

In the last Part we will be seeing , how to customize KeyCloak for allowing Facebook / Google Authentication.