HELP Setting up SAML with Keycloak

Hey guys,
I need help setting up SAML.
I created a SAML client in Keycloak, but as the Keycloak SAML fields are named differently from Rocket.Chat's, I'm confused about which fields to set up in Keycloak and where to put them in Rocket.Chat.
I have looked at the Rocket.Chat documentation here:
https://rocket.chat/docs/administrator-guides/authentication/saml/

These fields seem to be the main ones needed by Rocket.Chat:

Custom Entry Point?
IDP SLO Redirect URL?
Custom Issuer?

The Rocket.Chat admin page requires certificate info (which I've worked out):

Custom Certificate (public CA cert for the Keycloak site) Correct?
Public Cert Contents (Keycloak-generated public key) Correct?
Private Key Contents (Keycloak-generated private key) Correct?

In Keycloak,
Should I turn on Sign Assertions?
Should I turn on Encrypt Assertions?

I set the Keycloak Master SAML Processing URL to https://mykeycloakdomain.com:8443/rockechat/saml
Does that go in one of the required Rocket.Chat fields?

In Keycloak I have NOT set:
Root URL
Valid Redirect URIs
Base URL
IDP Initiated SSO URL Name
IDP Initiated SSO Relay State
as I don't really know what to put…

Everything else in Keycloak is default.
Do I need to do anything in Keycloak client scopes?

I've asked over at JBoss (Keycloak developers) but unfortunately their community hasn't replied…
Here's a screenshot of the Keycloak SAML admin page.
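The IdP-side values the post is asking about (Custom Entry Point, IDP SLO Redirect URL, Custom Certificate) are all published in the realm's SAML descriptor that Keycloak serves at `<base>/realms/<realm>/protocol/saml/descriptor` (older releases prefix `/auth`). Below is an added example, not code from the post or from either project, that parses a constructed descriptor with the same shape and prints those values in the form Rocket.Chat's settings page expects. Assumptions made here: Rocket.Chat's Custom Entry Point and IDP SLO Redirect URL take the HTTP-Redirect binding endpoints, Custom Certificate is the IdP signing certificate (not the TLS CA cert), and Rocket.Chat serves its SP endpoints at `/_saml/validate/<provider>` (the ACS, which is what Keycloak's Master SAML Processing URL should point at) and `/_saml/metadata/<provider>`. The hostnames, realm and provider name are made up, and the certificate is a DER-looking placeholder, not a real X.509 certificate.

```python
"""Extract the IdP values Rocket.Chat's SAML settings need from a Keycloak
realm descriptor. Added example; the descriptor below is a constructed sample."""
import base64
import textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed placeholder standing in for the realm signing certificate:
# a few DER-looking bytes (a SEQUENCE header), NOT a real X.509 certificate.
SAMPLE_CERT_B64 = base64.b64encode(b"\x30\x82\x00\x10" + bytes(16)).decode()

IDP = "https://mykeycloakdomain.com:8443/auth/realms/myrealm"  # made-up host/realm
# Constructed sample shaped like Keycloak's /protocol/saml/descriptor output.
SAMPLE_DESCRIPTOR = f"""
<md:EntitiesDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}" Name="urn:keycloak">
  <md:EntityDescriptor entityID="{IDP}">
    <md:IDPSSODescriptor WantAuthnRequestsSigned="true"
        protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:KeyDescriptor use="signing">
        <ds:KeyInfo><ds:X509Data>
          <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
        </ds:X509Data></ds:KeyInfo>
      </md:KeyDescriptor>
      <md:SingleLogoutService Binding="{POST}" Location="{IDP}/protocol/saml"/>
      <md:SingleLogoutService Binding="{REDIRECT}" Location="{IDP}/protocol/saml"/>
      <md:SingleSignOnService Binding="{POST}" Location="{IDP}/protocol/saml"/>
      <md:SingleSignOnService Binding="{REDIRECT}" Location="{IDP}/protocol/saml"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def _location(idp, tag, preferred=REDIRECT):
    """Location of the first <tag> endpoint using the preferred binding, else any."""
    endpoints = idp.findall(f"md:{tag}", NS)
    for ep in endpoints:
        if ep.get("Binding") == preferred:
            return ep.get("Location")
    return endpoints[0].get("Location") if endpoints else None


def to_pem(cert_b64):
    """Wrap metadata base64 as PEM, after checking it really decodes to DER."""
    der = base64.b64decode(cert_b64, validate=True)
    if not der or der[0] != 0x30:  # an X.509 Certificate is a DER SEQUENCE
        raise ValueError("X509Certificate element does not hold DER data")
    body = "\n".join(textwrap.wrap(cert_b64, 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def rocketchat_idp_settings(descriptor_xml):
    """Map an IdP descriptor onto Rocket.Chat's SAML settings (assumed names)."""
    root = ET.fromstring(descriptor_xml)
    entity_tag = f"{{{NS['md']}}}EntityDescriptor"
    entity = root if root.tag == entity_tag else root.find("md:EntityDescriptor", NS)
    if entity is None:
        raise ValueError("no EntityDescriptor in metadata")
    idp = entity.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("EntityDescriptor has no IDPSSODescriptor")
    cert_path = "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
    cert = idp.find(cert_path, NS)
    if cert is None:  # a KeyDescriptor without @use is valid for signing too
        cert = idp.find(cert_path.replace("[@use='signing']", ""), NS)
    if cert is None:
        raise ValueError("no signing certificate in IdP metadata")
    sso, slo = _location(idp, "SingleSignOnService"), _location(idp, "SingleLogoutService")
    for url in (sso, slo):
        if url and not url.startswith("https://"):
            raise ValueError(f"IdP endpoint is not HTTPS: {url}")
    return {
        "idp_entity_id": entity.get("entityID"),
        "custom_entry_point": sso,            # Rocket.Chat: Custom Entry Point
        "idp_slo_redirect_url": slo,          # Rocket.Chat: IDP SLO Redirect URL
        "custom_certificate": to_pem("".join(cert.text.split())),  # Custom Certificate
    }


def rocketchat_sp_urls(site_url, provider):
    """Rocket.Chat SP endpoints for the Keycloak client (assumed /_saml route layout)."""
    base = site_url.rstrip("/")
    return {
        "acs_url": f"{base}/_saml/validate/{provider}",  # Keycloak: Master SAML Processing URL
        "sp_metadata_url": f"{base}/_saml/metadata/{provider}",
    }


if __name__ == "__main__":
    for k, v in rocketchat_idp_settings(SAMPLE_DESCRIPTOR).items():
        print(f"{k}:\n{v}")
    print(rocketchat_sp_urls("https://chat.example.org", "keycloak"))
```

Run it against a real descriptor with `rocketchat_idp_settings(urllib.request.urlopen(url).read())`; the HTTPS check on the endpoints is there because a plain-http SSO URL would send the signed response over the clear. The SP side is the mirror image: Keycloak's Client ID has to match whatever Rocket.Chat sends as Custom Issuer, and the ACS URL above is what the post's Master SAML Processing URL should be, so check both against the metadata Rocket.Chat itself serves rather than trusting the assumed route layout.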