[keycloak-user] looking for samples and howto's

[lists]

Hi,

I have been playing with keycloak for the last two days, and while it 
looks beatiful and has all the features (plus many more!) we (think) 
we're looking for, we're having a hard time getting any client to work, 
with one exception: the builtin 'account' client.

We
- setup apache2 reverse proxy so keycloak runs on regular https port
- configured Let's Encrypt SSL
- added our realm & configured our samba AD, synced users/groups
- configured HAProxy for AD DC failover
- configured and tested kerberos authentication
everything works great, but it's all within the keycloak system. 
(specifically: the builtin 'accounts' client)

We've not had much luck at all making an external product authenticate 
using keycloak IdP / SAML. We thought an easy client would be perhaps 
simplesamlphp, or wordpress plugins ("miniOrange SSO using SAML 2.0" and 
"SAML 2.0 Single Sign-On") but there are no examples / step-by-step 
guides specific to keycloak that we can find.

There is a lot of keycloak-related talk on jboss, war, wildfly, 
keycloak's client adapters, etc, but to us, these all seem to be more 
'advanced usage', rather than using a 'regular' SAML capable client.

Or we're beginning to think that perhaps we misunderstand what keycloak 
can do for us...

Hence our request here: Does anyone have a list of simple steps 
("provide this, check this, fill in this here, etc, etc") for some 
well-known external mainstream easily obtainable SAML clients?

We would be very grateful :-)