Overview
This integration guide describes how to integrate the platform with Keycloak as an authentication server.
The platform's access control decouples the identification, authentication, and authorization processes. It provides flexible configuration of Externalized Authentication.
To get more information about the identification, authentication, and authorization process, refer to Access Control.
Keycloak
Keycloak is an open source identity and access management solution. It provides a single place to manage all your users and applications. It can be used to secure applications and services with little to no code. It also supports single sign-on and other advanced features like multi-factor authentication or risk-based authentication.
Enterprise-grade authentication can be achieved by integrating Keycloak with ILM.
This integration guide assumes that you have already installed and configured Keycloak. For more information, refer to Keycloak documentation.
Integration
Complete the following steps to integrate Keycloak with the platform:
| # | Reference | Short description |
|---|---|---|
| 1 | Create Realm and Client | Create and configure a new Keycloak Realm and Client |
| 2 | Configure OAuth2 Provider | Add the Keycloak provider to the platform's OAuth2 provider settings |
| 3 | Create User and Login | Create a new Keycloak user and log in |
| 4 | (Optional) Add ILM Theme | Add the ILM custom theme to Keycloak and realm |
Identity providers
For the first experiments with Keycloak, you would probably just create local users.
For production, you can configure Identity Providers together with appropriate attribute mapping to allow users to log in to the platform with their existing accounts from your organizational IdP. Keycloak supports multiple identity providers. For more information, refer to Identity Providers in the Keycloak documentation.
You can also refer to the MS Active Directory Federation Services integration guide for more information on how to federate AD users with Keycloak.