|
| 1 | +--- |
| 2 | +title: "How to Configure Keycloak for Omni" |
| 3 | +draft: false |
| 4 | +weight: 220 |
| 5 | +--- |
| 6 | + |
| 7 | +1. Log in to Keycloak. |
| 8 | + |
| 9 | +2. Create a realm. |
| 10 | + |
| 11 | +- In the upper left corner of the page, select the dropdown where it says **master** |
| 12 | + |
| 13 | + |
| 14 | +{{< imgproc keycloak_001.png Resize "900x" >}} |
| 15 | +{{< /imgproc >}} |
| 16 | + |
| 17 | +- Fill in the **realm name** and select **create** |
| 18 | + |
| 19 | +{{< imgproc keycloak_002.png Resize "900x" >}} |
| 20 | +{{< /imgproc >}} |
| 21 | + |
| 22 | +3. Find the realm metadata. |
| 23 | + |
| 24 | +- In the realm settings, there is a link to the metadata needed for SAML under Endpoints. |
| 25 | + - Copy the link or save the data to a file. It will be needed for the installation of Omni. |
| 26 | + |
| 27 | +{{< imgproc keycloak_003.png Resize "900x" >}} |
| 28 | +{{< /imgproc >}} |
| 29 | + |
| 30 | +4. Create a client |
| 31 | + |
| 32 | +- Select the **Clients** tab on the left |
| 33 | + |
| 34 | +{{< imgproc keycloak_004.png Resize "900x" >}} |
| 35 | +{{< /imgproc >}} |
| 36 | + |
| 37 | +- Fill in the **General Settings** as shown in the example below. **Replace the hostname in the example with your own Omni hostname or IP**. |
| 38 | + - Client type |
| 39 | + - Client ID |
| 40 | + - Name |
| 41 | + |
| 42 | +{{< imgproc keycloak_005.png Resize "900x" >}} |
| 43 | +{{< /imgproc >}} |
| 44 | + |
| 45 | +- Fill in the **Login settings** as shown in the example below. **Replace the hostname in the example with your own Omni hostname or IP**. |
| 46 | + - Root URL |
| 47 | + - Valid redirect URIs |
| 48 | + - Master SAML PRocessing URL |
| 49 | + |
| 50 | +{{< imgproc keycloak_006.png Resize "900x" >}} |
| 51 | +{{< /imgproc >}} |
| 52 | + |
| 53 | +- Modify the **Signature and Encryption** settings. |
| 54 | + - Sign documents: **off** |
| 55 | + - Sign assertions: **on** |
| 56 | + |
| 57 | +{{< imgproc keycloak_007.png Resize "900x" >}} |
| 58 | +{{< /imgproc >}} |
| 59 | + |
| 60 | +- Set the **Client signature required** value to **off**. |
| 61 | + |
| 62 | +{{< imgproc keycloak_008.png Resize "900x" >}} |
| 63 | +{{< /imgproc >}} |
| 64 | + |
| 65 | +- Modify **Client Scopes** |
| 66 | + |
| 67 | +{{< imgproc keycloak_009.png Resize "900x" >}} |
| 68 | +{{< /imgproc >}} |
| 69 | + |
| 70 | +- Select **Add predefined mapper**. |
| 71 | + |
| 72 | +{{< imgproc keycloak_010.png Resize "900x" >}} |
| 73 | +{{< /imgproc >}} |
| 74 | + |
| 75 | +- The following mappers need to be added because they will be used by Omni will use these attributes for assigning permissions. |
| 76 | + - X500 email |
| 77 | + - X500 givenName |
| 78 | + - X500 surname |
| 79 | + |
| 80 | +{{< imgproc keycloak_011.png Resize "900x" >}} |
| 81 | +{{< /imgproc >}} |
| 82 | + |
| 83 | +- Add a new user (optional) |
| 84 | + - If Keycloak is being used as an Identity Provider, users can be created here. |
| 85 | + |
| 86 | +{{< imgproc keycloak_012.png Resize "900x" >}} |
| 87 | +{{< /imgproc >}} |
| 88 | + |
| 89 | +- Enter the **user information** and set the **Email verified** to **Yes** |
| 90 | + |
| 91 | +{{< imgproc keycloak_013.png Resize "900x" >}} |
| 92 | +{{< /imgproc >}} |
| 93 | + |
| 94 | +- Set a password for the user. |
| 95 | + |
| 96 | +{{< imgproc keycloak_014.png Resize "900x" >}} |
| 97 | +{{< /imgproc >}} |
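Review bot: The signature settings at lines 53-60 of the new file turn **Sign documents** and **Client signature required** off without giving a reason, so a reader cannot tell whether Omni requires this or whether it is only a convenience default. Add a sentence saying which it is, and state that **Sign assertions** stays on so the two are not confused. Text fixes in the same file: line 48 reads "Master SAML PRocessing URL" (should be "Processing"), and line 75 has a doubled clause, "because they will be used by Omni will use these attributes"; suggest "because Omni uses these attributes for assigning permissions". "Add a new user (optional)" at line 83 sits as a bullet under step 4 "Create a client" and would read better as its own numbered step 5. Step 4's heading at line 30 is also missing the period the other step headings have.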