Solutions
Products
Support and Downloads
About Zebra
SAML Integration Guide for PTT Pro and Profile Manager
Introduction
Document Layout
Solution Components and Architecture
WFC-ACS Component Diagram
User Authorization Diagrams
Prerequisites
Configure WFC-ACS
Creating a Realm
Creating the Clients
Configuring the Endpoint Settings
Configuring the Endpoint Credentials
Configuring the Endpoint Mappings
SAML Descriptor File
Configuring the Identity Provider
Mapping the User Name from the IdP
Auto Launching the SAML Login
Exporting the WFC-ACS Certificate to SAML
Exporting the WFC-ACS Certificate to PTT Pro
Configure Workforce Connect
Configure Profile Manager
Authentication URL and Access Token URL
Client ID
Client Secret
Configure the PTT Pro Server
Configure the PTT Pro Client
Configure the Profile Client
Device Operation
Troubleshooting the Client Error Message: ADFS Error
Revision History
Configuring the Identity Provider
Configuring the Identity Provider
Configuring the Identity Provider
Use the information from the SAML Descriptor file to configure the Identity Provider.
Click on
Identity Providers
in the left pane of the Keycloak user interface.
Select
SAML v2.0
from the Add Provider drop down menu.
Configure Oauth.
Enter the redirect URL in the
Redirect URI
field.
The Redirect URI entry is constructed as follows:
https://wfc-keycloak.pttpro.zebra.com/auth/realms/<realm-name>/broker/<alias>/endpoint
The
<Alias>
is a convenient label. Change it to an appropriate value. In this example, the alias is
WFC-SAML-Auth
that results in the following redirect URI:
https://wfc-keycloak.pttpro.zebra.com/auth/realms/WFC-SAML-Test-Realm/broker/WFC-SAML-Auth/endpoint
Set
Enable
to on.
Configure SAML.
Enter the single sign-on URL in the
Single Sign-On URL Service
field.
The Single Sign-On Service URL can be copied from the
<SingleSignOnService>
paramter in the SAML Descriptor file. In this example it is:
https://wfc-keycloak2.pttpro.zebra.com/auth/realms/WFC-SAML-Test-Realm/protocol/saml
Enter the single logout service URL in the
Single Logout Service URL
field.
The Single Logout Service URL can be copied from the
<SingleLogoutService>
parameter in the SAML Description file.
Enable
Validate Signature
.
Enable
HTTP-POST Binding Response
.
Enable
HTTP-POST Binding for AuthnRequest
.
Enable
HTTP-POST Binding Logout
.
Enable
Want AuthnRequests Signed
.
Click
Save
.
Entering these URLs causes the WFC-ACS service to read the descriptor file and populate the x509 Certificate and the Signature Algorithm fields.
Configure WFC-ACS
