Keycloak OIDC Setup

This guide walks you through configuring SSO with Keycloak as your identity provider.

Prerequisites

• Admin access to your Keycloak instance
• Admin access to your Stallion organization

Step 1: Create a New Client in Keycloak

1. Log in to your Keycloak Admin Console
2. Select your realm (or create a new one)
3. Navigate to Clients → Create client
4. Configure the client:
   • Client type: OpenID Connect
   • Client ID: stallion-sso
5. Click Next

Step 2: Configure Client Settings

Configure the following settings:

Click Save.

Step 3: Gather OIDC Configuration

1. Go to Clients → stallion-sso → Credentials tab
2. Copy the Client secret
3. Note down the following values:

Step 4: Configure SSO in Stallion Console

1. Log in to Stallion Console
2. Navigate to your Organization → SSO Settings
3. Click Configure SSO

Step 4.1: Enter Configuration

Enter the following details:

Click Next to proceed.

Step 4.2: Verify Domain

1. Copy the provided TXT record
2. Add it to your domain's DNS settings
3. Wait for DNS propagation (this may take a few minutes)
4. Click Verify to confirm domain ownership

Step 4.3: Finalize SSO

1. Click Finalize SSO
2. You will be redirected to Keycloak to log in
3. Complete authentication with your Keycloak credentials
4. Once successful, SSO is fully configured

Step 5: Configure User Attributes (Optional)

To pass additional user information, configure mappers in Keycloak:

1. Go to Clients → stallion-sso → Client scopes tab
2. Click on the dedicated scope
3. Add mappers for email, name, and other required attributes

Troubleshooting