diff --git a/manual/config/saml2_in_10.0.md b/manual/config/saml2_in_10.0.md index 69f84f81..7c37837c 100644 --- a/manual/config/saml2_in_10.0.md +++ b/manual/config/saml2_in_10.0.md @@ -17,23 +17,33 @@ $ apt install dnsutils # For multi-tenancy feature ### Prepare SP(Seafile) certificate directory and SP certificates: -Create certs dir +Create certs dir: -``` -$ mkdir -p /opt/seafile/seahub-data/certs -``` +=== "Docker Deployment" + The default deployment path for Seafile is **/opt/seafile**, and the corresponding default path for seafile-data is **/opt/seafile-data**. If you do not deploy Seafile to this directory, you can check the **SEAFILE_VOLUME** variable in the env to confirm the path of your seafile-data. + ```sh + cd /opt/seafile-data/seafile/seahub-data + mkdir certs + ``` + +=== "Binary Deployment" + If you deploy Seafile using the binary package, the default installation and data path is **/opt/seafile**. If you do not deploy Seafile to this directory, please check your actual deployment path. + ```sh + cd /opt/seafile/seahub-data + mkdir certs + ``` The SP certificate can be generated by the openssl command, or you can apply to the certificate manufacturer, it is up to you. For example, generate the SP certs using the following command: -``` -$ cd /opt/seafile/seahub-data/certs -$ openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout sp.key -out sp.crt +```sh +cd certs +openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout sp.key -out sp.crt ``` !!! tip "The `days` option indicates the validity period of the generated certificate. The unit is day. The system admin needs to update the certificate regularly" -## Integration with ADFS/SAML single sign-on +## Integrate with Identity Provider ### Example 1: Microsoft Azure SAML single sign-on app 
@@ -196,3 +206,87 @@ SAML_REMOTE_METADATA_URL = 'https://temp.adfs.com/federationmetadata/2007-06/fed ### Example 3: Keycloak SAML 2.0 +In this part, we use Keycloak SAML single sign-on app to show how Seafile integrate SAML 2.0. + +#### Keycloak SAML single sign-on app + +If you use Keycloak SAML app to achieve single sign-on, please follow the steps below: + +The test domain name here is exemplified by `https://demo.seafile.top`. + +**First**, Create a new Client: + +* Client type: Choose `SAML`; + +* Client ID: Fill in the SAML metadata address of Seafile (e.g.,**https://demo.seafile.top/saml2/metadata/**) +![](../images/auto-upload/image-NyZkNZ91T_K7Gywl0KHGrQ.png) + +* Root URL and Home URL: Root Directory/Homepage, fill in the Seafile web service address (e.g.,**https://demo.seafile.top/**) + +* Valid redirect URIs: Valid Redirect URIs, fill in all URLs of the Seafile web service (e.g.,**https://demo.seafile.top/***) +![](../images/auto-upload/image-JK3df4mzSmO-amDFvQ9Fqg.png) + +**Next**, open the client you just created and make the following modifications; leave all other settings as default. + +* Settings - SAML capabilities: Set the **Name ID Format** to **email**, and only keep **Include AuthnStatement** enabled, disable all other settings. +![](../images/auto-upload/image-KC0ARnH5RIq08sLwsv81Rg.png) + +* Settings - Signature and Encryption: The default encryption algorithm is RSA_SHA256, so no changes are required. +![](../images/auto-upload/image-drasTIeIT2iAC6nt6IzPrw.png) + +* Keys : Confirm that the Signing keys config is in the disabled state. +![](../images/auto-upload/image-cW5cH6pNQJi_1NNcBMOrfA.png) + +* Client scopes: Configure the protocol mapping to map user information. 
+![](../images/auto-upload/image-CNf9Wb68RrGEa4pXIs9M7Q.png) + +**Next**, choose the custom configuration **By configuration**: +![](../images/auto-upload/image-BpWVpuZASrCa9xLuQNFeSw.png) + +![](../images/auto-upload/image-NBUD7HlRQxGkpmLjZXwyDQ.png) + +![](../images/auto-upload/image-eG-wA0OnRaORksGEX_IhLA.png) + +![](../images/auto-upload/image-Nv_9Yw3qSw2BM4wOdef2MA.png) + +**Next**, ensure that the above two attributes are added. After adding them, the result is as follows: +![](../images/auto-upload/image-ayUp4emgTk2hOSNw-_X9sA.png) + +* Advanced - Fine Grain SAML Endpoint Configuration + + * Assertion Consumer Service POST Binding URL: Send the SAML assertion request to the SP using the POST method, and set it to the SAML ACS address of Seafile (e.g.,**https://demo.seafile.top/saml2/acs/**). + + * Assertion Consumer Service Redirect Binding URL: Send the SAML assertion request to the SP via the redirect method, and set it to Seafile's SAML ACS address (same as the Assertion Consumer Service POST Binding URL). + + * Logout Service POST Binding URL: The address for sending a logout request to the SP via the POST method. Fill in the SAML logout POST address of Seafile (e.g.,**https://demo.seafile.top/saml2/ls/post/**). + + * Logout Service Redirect Binding URL: The address for sending a logout request to the SP via the redirect method. Fill in Seafile's SAML logout address (e.g.,**https://demo.seafile.top/saml2/ls/**). +![](../images/auto-upload/image-RaLdQDv6QpuQvAdqF4idvA.png) + +* Advanced - Authentication flow overrides: Bind the authenticator (the default account-password login uses the `Browser` flow). +![](../images/auto-upload/image-Vg_4N-6GT8mL7-5yVrTvyw.png) + +#### Seafile configuration + +```sh +cd /opt/seafile-data/seafile/conf/ +vim seahub_settings.py + + +ENABLE_ADFS_LOGIN = True +#SAML_CERTS_DIR is a path inside the container and does not need to be changed. 
+SAML_CERTS_DIR = '/opt/seafile/seahub-data/certs' +#The configuration format of SAML_REMOTE_METADATA_URL is '{idp_server_url}/realms/{realm}/protocol/saml/descriptor' +#idp_server_url: The URL of the Keycloak service +#realm: Realm name +SAML_REMOTE_METADATA_URL = 'https://keycloak.seafile.com/realms/haiwen/protocol/saml/descriptor' +SAML_ATTRIBUTE_MAPPING = { + 'name': ('display_name', ), + 'mail': ('contact_email', ), +} + + +``` + +**Finally**, open the browser and enter the Seafile login page, click Single Sign-On, and use the user assigned to SAML app to perform a SAML login test. +![](../images/auto-upload/image-S_qgKCybSBifWLgYRiWagQ.png) diff --git a/manual/images/auto-upload/image-BpWVpuZASrCa9xLuQNFeSw.png b/manual/images/auto-upload/image-BpWVpuZASrCa9xLuQNFeSw.png new file mode 100644 index 00000000..ad2e4f1f Binary files /dev/null and b/manual/images/auto-upload/image-BpWVpuZASrCa9xLuQNFeSw.png differ diff --git a/manual/images/auto-upload/image-CNf9Wb68RrGEa4pXIs9M7Q.png b/manual/images/auto-upload/image-CNf9Wb68RrGEa4pXIs9M7Q.png new file mode 100644 index 00000000..6b6025c2 Binary files /dev/null and b/manual/images/auto-upload/image-CNf9Wb68RrGEa4pXIs9M7Q.png differ diff --git a/manual/images/auto-upload/image-JK3df4mzSmO-amDFvQ9Fqg.png b/manual/images/auto-upload/image-JK3df4mzSmO-amDFvQ9Fqg.png new file mode 100644 index 00000000..b0040169 Binary files /dev/null and b/manual/images/auto-upload/image-JK3df4mzSmO-amDFvQ9Fqg.png differ diff --git a/manual/images/auto-upload/image-KC0ARnH5RIq08sLwsv81Rg.png b/manual/images/auto-upload/image-KC0ARnH5RIq08sLwsv81Rg.png new file mode 100644 index 00000000..e2fc3bb3 Binary files /dev/null and b/manual/images/auto-upload/image-KC0ARnH5RIq08sLwsv81Rg.png differ 
diff --git a/manual/images/auto-upload/image-NBUD7HlRQxGkpmLjZXwyDQ.png b/manual/images/auto-upload/image-NBUD7HlRQxGkpmLjZXwyDQ.png new file mode 100644 index 00000000..0aeefecc Binary files /dev/null and b/manual/images/auto-upload/image-NBUD7HlRQxGkpmLjZXwyDQ.png differ diff --git a/manual/images/auto-upload/image-Nv_9Yw3qSw2BM4wOdef2MA.png b/manual/images/auto-upload/image-Nv_9Yw3qSw2BM4wOdef2MA.png new file mode 100644 index 00000000..62498dc6 Binary files /dev/null and b/manual/images/auto-upload/image-Nv_9Yw3qSw2BM4wOdef2MA.png differ diff --git a/manual/images/auto-upload/image-NyZkNZ91T_K7Gywl0KHGrQ.png b/manual/images/auto-upload/image-NyZkNZ91T_K7Gywl0KHGrQ.png new file mode 100644 index 00000000..2cdac21a Binary files /dev/null and b/manual/images/auto-upload/image-NyZkNZ91T_K7Gywl0KHGrQ.png differ diff --git a/manual/images/auto-upload/image-RaLdQDv6QpuQvAdqF4idvA.png b/manual/images/auto-upload/image-RaLdQDv6QpuQvAdqF4idvA.png new file mode 100644 index 00000000..19a3632c Binary files /dev/null and b/manual/images/auto-upload/image-RaLdQDv6QpuQvAdqF4idvA.png differ diff --git a/manual/images/auto-upload/image-S_qgKCybSBifWLgYRiWagQ.png b/manual/images/auto-upload/image-S_qgKCybSBifWLgYRiWagQ.png new file mode 100644 index 00000000..2612f584 Binary files /dev/null and b/manual/images/auto-upload/image-S_qgKCybSBifWLgYRiWagQ.png differ diff --git a/manual/images/auto-upload/image-Vg_4N-6GT8mL7-5yVrTvyw.png b/manual/images/auto-upload/image-Vg_4N-6GT8mL7-5yVrTvyw.png new file mode 100644 index 00000000..c2be5ec7 Binary files /dev/null and b/manual/images/auto-upload/image-Vg_4N-6GT8mL7-5yVrTvyw.png differ diff --git a/manual/images/auto-upload/image-ayUp4emgTk2hOSNw-_X9sA.png b/manual/images/auto-upload/image-ayUp4emgTk2hOSNw-_X9sA.png new file mode 100644 index 00000000..9ea09599 Binary files /dev/null and b/manual/images/auto-upload/image-ayUp4emgTk2hOSNw-_X9sA.png differ 
diff --git a/manual/images/auto-upload/image-cW5cH6pNQJi_1NNcBMOrfA.png b/manual/images/auto-upload/image-cW5cH6pNQJi_1NNcBMOrfA.png new file mode 100644 index 00000000..77b6fff6 Binary files /dev/null and b/manual/images/auto-upload/image-cW5cH6pNQJi_1NNcBMOrfA.png differ diff --git a/manual/images/auto-upload/image-drasTIeIT2iAC6nt6IzPrw.png b/manual/images/auto-upload/image-drasTIeIT2iAC6nt6IzPrw.png new file mode 100644 index 00000000..dd5695f8 Binary files /dev/null and b/manual/images/auto-upload/image-drasTIeIT2iAC6nt6IzPrw.png differ diff --git a/manual/images/auto-upload/image-eG-wA0OnRaORksGEX_IhLA.png b/manual/images/auto-upload/image-eG-wA0OnRaORksGEX_IhLA.png new file mode 100644 index 00000000..a17f2bfd Binary files /dev/null and b/manual/images/auto-upload/image-eG-wA0OnRaORksGEX_IhLA.png differ
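Review bot: In the first hunk (`@@ -17,23 +17,33 @@`) the openssl block replaces the absolute `cd /opt/seafile/seahub-data/certs` with a relative `cd certs`, which only works if the reader's shell is still in the seahub-data directory from the tab above, and the two tabs use different parents (/opt/seafile-data/seafile/seahub-data for Docker, /opt/seafile/seahub-data for the binary package); either move `cd certs` into each tab directly after `mkdir certs` or say explicitly that the openssl commands are run from that directory. Two smaller points in the same hunk: `mkdir certs` without `-p` fails on a re-run when the directory already exists, whereas the removed block used `mkdir -p`; and because `-nodes` writes `sp.key` unencrypted, a `chmod 600 sp.key` (or a sentence about ownership by the user Seafile runs as) after the openssl line would stop the SP private key from being world-readable under a default umask.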
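Review bot: In the second hunk (`@@ -196,3 +206,87 @@`) the "Seafile configuration" block mixes a shell session (`cd /opt/seafile-data/seafile/conf/`, `vim seahub_settings.py`) with Python settings inside one ```sh fence, so the settings get shell highlighting and the block is not valid when pasted into either a shell or the settings file; split it into a short `sh` block for the path and a `python` block for the settings, and drop the trailing blank lines before the closing fence. That `cd` also gives only the Docker path, while the certificate section earlier in this patch added a Docker/Binary tab pair; show the binary deployment's conf directory (under /opt/seafile) the same way, and note that the comment `#SAML_CERTS_DIR is a path inside the container and does not need to be changed.` reads as Docker-only. The mapper attribute names that `SAML_ATTRIBUTE_MAPPING` depends on (`'name'` and `'mail'`) appear only in the screenshots under "Client scopes"; state them in the text next to "ensure that the above two attributes are added" so a reader can match the Keycloak mappers to the Seafile setting without the images. `Keys : Confirm that the Signing keys config is in the disabled state.` tells the reader to switch off the client signing-key configuration (with it off, Keycloak does not require signatures on the SP's SAML requests) but not why, while the previous section has them generate sp.crt/sp.key; one sentence on whether and where that certificate is used with Keycloak would avoid confusion. The Valid redirect URIs example `https://demo.seafile.top/*` covers the whole host; Keycloak validates the AssertionConsumerServiceURL in a request against this list, so if a pattern limited to the `/saml2/` endpoints works it is the safer value to document. Wording: "how Seafile integrate SAML 2.0" should be "integrates", the ACS bullets say "Send the SAML assertion request to the SP" where it is the SAML response carrying the assertion that the IdP posts to the ACS, and bullet punctuation is inconsistent (`Choose `SAML`;` ends with a semicolon, the other items have no terminator).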