# SSO Configuration for KMS Testing

This directory contains configuration files for testing SSO integration with the KMS application.

## Directory Structure

```
sso-config/
├── keycloak/
│   └── kms-realm.json    # Keycloak realm configuration
└── README.md             # This file
```

## Test Users

The following test users are configured in both identity providers:

| Email | Password | Permissions | Description |
|-------|----------|-------------|-------------|
| admin@example.com | admin123 | internal.* | Full administrative access |
| test@example.com | test123 | app.read, token.read | Standard user access |
| limited@example.com | limited123 | repo.read | Limited access user |

## Keycloak Configuration

- **Admin Console**: http://localhost:8090
- **Admin Credentials**: admin / admin
- **Realm**: kms
- **Client ID**: kms-api
- **Client Secret**: kms-client-secret

### Key Features:

- Pre-configured realm with test users
- OpenID Connect protocol support
- Custom attribute mapping for permissions
- Proper redirect URIs for local development

## SimpleSAMLphp Configuration

- **Admin Console**: http://localhost:8091/simplesaml
- **Admin Credentials**: admin / secret
- **Test Users**: user1 / user1pass, user2 / user2pass

### Key Features:

- SAML 2.0 Identity Provider
- Pre-configured service provider settings
- Test certificates (DO NOT use in production)
- Metadata endpoint available

## Usage

See the main CLAUDE.md file for detailed usage instructions.
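
A pre-deployment check for the test defaults listed above, as an added example that is not part of this repository: it scans a Keycloak realm export for the documented test client secret, test passwords and local redirect URIs. The sample realm, its redirect URI and the `audit_realm` name are constructed for illustration; the field names follow Keycloak's realm export format.

```python
import json
from urllib.parse import urlparse

# Test-only values documented in this README; none should reach a real deployment.
TEST_CLIENT_SECRETS = {"kms-client-secret"}
TEST_PASSWORDS = {"admin123", "test123", "limited123"}
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def audit_realm(realm):
    """Return a list of findings for test defaults in a realm export dict."""
    findings = []
    for client in realm.get("clients", []):
        cid = client.get("clientId", "<unnamed>")
        if client.get("secret") in TEST_CLIENT_SECRETS:
            findings.append(f"client {cid}: documented test client secret")
        for uri in client.get("redirectUris", []):
            # A bare wildcard or a loopback host is only acceptable locally.
            if uri.strip() == "*" or urlparse(uri).hostname in LOCAL_HOSTS:
                findings.append(f"client {cid}: development redirect URI {uri}")
    for user in realm.get("users", []):
        name = user.get("username", "<unnamed>")
        for cred in user.get("credentials", []):
            if cred.get("type") == "password" and cred.get("value") in TEST_PASSWORDS:
                findings.append(f"user {name}: documented test password")
    return findings


# Constructed sample shaped like a realm export (not the real kms-realm.json).
SAMPLE_REALM = json.loads("""
{
  "realm": "kms",
  "clients": [
    {"clientId": "kms-api", "secret": "kms-client-secret",
     "redirectUris": ["http://localhost:3000/*"]}
  ],
  "users": [
    {"username": "admin@example.com",
     "credentials": [{"type": "password", "value": "admin123"}]},
    {"username": "svc-constructed",
     "credentials": [{"type": "password", "value": "constructed-non-test-value"}]}
  ]
}
""")

if __name__ == "__main__":
    for finding in audit_realm(SAMPLE_REALM):
        print("FAIL:", finding)
```

Run it against the exported realm in a CI step and fail the build when the returned list is not empty.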