search

Keycloak authentication setup

hashtag
Keycloak authentication setup

CTIMS can use a local desktop Keycloak instance or an institutional Keycloak instance. Configure the keycloak as shown in the below images.

hashtag
Setting up Keycloak Realm

Keycloak comes with a default realm.

It is ideal to create a new realm named after <username> or <institution> name.

hashtag
Setting up Keycloak Client called "ctims"

Setup a new client called ctims in keycloak. This is the client to be created for CTIMS application. Setup a second client called ctimsadmin in keycloak. This client requires service account permissions.

Setup the ctims client with various values as shown below.

Root URL, Admin URL and policy URL have to be the keycloak URL .

Example - http://localhost:8843/auth/*arrow-up-right

Advanced settings for timeouts

hashtag
Setting up Keycloak Client called "ctimsadmin"

Setup a second client called ctimsadmin in keycloak. This client requires service account permissions.

hashtag
Adding service account roles for Keycloak client "ctimsadmin"

In Service Account Roles Tab, add realm-admin role from realm-management as shown below.

hashtag
Saving UUID of the two clients ctims and ctimsadmin

The UUID of the two clients ctims and ctimsadmin have to be copied and retained for later use.

hashtag
Saving Client secret of the two clients ctims and ctimsadmin

The Credentials tab will show up after Client is enabled and saved. In the Credentals tab, the client secret field will be visible.

The client secret of the two clients ctims and ctimsadmin have to be copied and retained for later use.

PreviousRunning Keycloak with Docker (optional)NextKeycloak client CTIMS role setup

Last updated