=== How to configure keycloak for phplist authentication ===

== login to keycloak ==

{{:system:01-login.png?400|}}

== create a realm ==

{{:system:02-create-realm.png?400|}}

{{:system:03-create.png?400|}}

go to realm settings user profile tab and create user attributes (they are used in plugin code)

{{:system:08-create-attributes.png?400|}}

go to clients/(client used for login)/client scopes/add client scope

{{:system:08-place-where-to-create-scope.png?400|}}

and create client scopes

{{:system:08-create-client-scopes.png?400|}}

== create a client ==

{{:system:04-create-clients.png?400|}}

choose client type to be saml (it is oidc by default)

{{:system:05-select-saml.png?400|}}

setup URLs (localhost is a placeholder for phplist application domain)

{{:system:06-set-urls.png?400|}}

after saving client, go to Keys and export client certificate data to use it from applicationside

{{:system:07-export-cert.png?400|}}

=== IDP ===

go to identity providers and create saml2 provider

{{:system:09-idp.png?400|}}

{{:system:10-add-saml-provider.png?400|}}