Keycloak SSO Configuration

ISE Configuration

  1. Navigate to Administration > Identity Management > External Identity Sources > SAML Id Providers

  2. Click Add

  3. Import Keycloak metadata or configure manually:

    • IdP Entity ID

    • SSO Service URL

    • Certificate

Keycloak Configuration

  1. Create an ISE client in Keycloak

  2. Configure SAML settings:

    • Client ID: ise-admin

    • Client Protocol: saml

    • Include AuthnStatement: ON

    • Sign Documents: ON

  3. Export metadata

Attribute Mapping

Map Keycloak attributes to ISE:

  Keycloak    ISE
  username    NameID
  groups      MemberOf

Testing

  1. Access the ISE admin portal

  2. You should be redirected to Keycloak

  3. Log in with Keycloak credentials

  4. You should be returned to ISE, authenticated