Keycloak

Keycloak Configuration

1. Open the page at http://localhost:8880/ (or another address specified in the environment variables).
2. Enter the login and password from the environment settings.

3. Select “Manage realms” and click on “Create realm”.
4. In the opened window, enter the “Realm name”, for example, “sysadminanywhere”.
5. Click “Create”.

6. Select “User federation” and then “Add LDAP provider”.

7. Configure the “Connection and authentication settings” section. Fill in the “Connection URL” and click “Test connection”. If a message about successful connection appears, continue the configuration. Click “Test authentication” to verify authentication.

8. Configure the “LDAP searching and updating” section.

9. Next, configure “Synchronization settings”. If not needed, disable “Import users”.

10. Click “Save”.

11. Configure a client. Select “Clients” and click “Create client”. Enter the “Client ID”, for example, “sysadminanywhere”. Click “Next”. Then “Save”.

12. Go to “Clients” and select “sysadminanywhere” (or what was specified earlier). Fill in the “Access settings”.

13. Next, go to the “Capability config” section and click “Save”.

14. Next, click the “Credentials” tab in the client’s properties and copy the “Client Secret” into the KEYCLOAK_CLIENT_SECRET environment variable.

15. Go to “Client scopes” and click “Create client scope”. Fill in the “Name” field and click “Save”.

16. Select our “Client scope”, click the “Mappers” tab, and then click “Configure a new mapper”.

17. Select “User Property”.

18. Add federationLink…

19. Repeat for groups, selecting “Group Membership”.

20. Add to the hosts file:

127.0.0.1 keycloak

21. Everything is ready for domain authorization.