Today I was trying to put everything behind SSO for my users using Keycloak, and reached the point where I had to integrate a helpdesk product. I went with Freshdesk, as the free plan allows SSO and the basic features I needed; integration with Freshchat was also a key feature for me, but that's not the topic here. I spent about 3 hours configuring this, so I think it might be useful for the next person to have some insight into that configuration.
1. Create your client on Keycloak, the ClientID must be “https://yourdomain.freshdesk.com”
2. The other settings are as shown below. I will get back to the certificate later on, but take the settings as below.
3. Then let the fun start: you will need to get the SHA256 fingerprint (thumbprint) of your certificate.
3a. In Keycloak, on your newly created client, go to Installation and select SAML Metadata IDPSSODescriptor, where you will find the dsig:X509Certificate.
3b. Copy what you find there, paste it into Notepad, save the file as cert.pem and try to open it. It should work and show you the thumbprint of the certificate, except that this is the SHA1 thumbprint.
3c. Click on "Copy to File" to save it as a DER file.
3d. Once saved (here in D:\Playground\der.cer), use openssl to get the SHA256 fingerprint: .\openssl.exe x509 -noout -fingerprint -sha256 -inform der -in d:\Playground\der.cer
4. Now you have all you need to configure Freshdesk SSO. That will be easy, as I guess you already have everything. On your Freshdesk page go to Admin > Security, where you only have 3 fields:
4a. The URL: you already saw it in the IDPSSODescriptor, but just in case: https:///auth/realms//protocol/saml
4b. You can leave it empty, as you probably don't want your users to be logged out of Keycloak when they log off from Freshdesk.
4c. The famous thumbprint you got in step 3d.
5. To make it super user-friendly, I created a record (helpdesk..com) using let's redirect, pointing to https://.freshdesk.com/support/login
Create a new subscription
Give it the name you want and choose plan
Once paid, go to manage the subscription
And add a Redirect
from helpdesk.yourdomain.com to https://.freshdesk.com/support/login
And create DNS entry
There you go: tell your users to connect to helpdesk.. and that's it. You can also use it yourself, as admins will go to the admin page directly.
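As an added example (not part of the original post): steps 3a to 3d can also be done without the certificate viewer, because the fingerprint is just a hash over the base64-decoded content of dsig:X509Certificate. The metadata, the entityID and the 64 placeholder bytes below are constructed for illustration, and the function names are assumptions.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"


def cert_der_from_metadata(metadata_xml: str) -> bytes:
    """Return the DER bytes of the first dsig:X509Certificate in the metadata."""
    root = ET.fromstring(metadata_xml)
    node = root.find(f".//{{{DSIG_NS}}}X509Certificate")
    if node is None or not (node.text or "").strip():
        raise ValueError("no dsig:X509Certificate found in metadata")
    # The element holds base64-encoded DER, often wrapped over several lines.
    b64 = "".join(node.text.split())
    # validate=True rejects stray characters left by a bad copy-paste.
    return base64.b64decode(b64, validate=True)


def fingerprint(der: bytes, algo: str = "sha256") -> str:
    """Colon-separated upper-case hex digest of the DER bytes."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


# Constructed sample: 64 placeholder bytes stand in for a real certificate.
SAMPLE_DER = bytes(range(64))
SAMPLE_B64 = base64.encodebytes(SAMPLE_DER).decode("ascii")  # line-wrapped
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD_NS}" xmlns:dsig="{DSIG_NS}"
    entityID="https://keycloak.example.test/realms/placeholder">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <dsig:KeyInfo>
        <dsig:X509Data>
          <dsig:X509Certificate>
{SAMPLE_B64}          </dsig:X509Certificate>
        </dsig:X509Data>
      </dsig:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    der = cert_der_from_metadata(SAMPLE_METADATA)
    # SHA1 is what the Windows certificate viewer shows (step 3b);
    # SHA256 is the value computed with openssl in step 3d.
    print("SHA1  :", fingerprint(der, "sha1"))
    print("SHA256:", fingerprint(der, "sha256"))
```

To use it on real metadata, pass the XML text from the Installation tab in step 3a to cert_der_from_metadata and compare the SHA256 result with the openssl output from step 3d.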