proc_configuring-project-settings-for-keycloak-authentication-using-the-cli.adoc

File metadata and controls

83 lines (69 loc) · 2.69 KB

Configuring {Project} Settings for {Keycloak} Authentication Using the CLI

Use this procedure to configure {Project} settings for {Keycloak} authentication using the {Project} CLI.

Note that you can navigate to the following URL within your realm to obtain values to configure {Project} settings: https://{Keycloak-short}.example.com/auth/realms/{Project}_Realm/.well-known/openid-configuration

Prerequisite
  • Ensure that the Access Type setting in the {Project} client in the {Keycloak} web UI is set to public.

Procedure
  1. On {Project}, set the login delegation to true so that users can authenticate using the OpenID Connect protocol:

    # hammer settings set --name authorize_login_delegation --value true
  2. Set the login delegation logout URL:

    # hammer settings set --name login_delegation_logout_url \
    --value https://{foreman-example-com}/users/extlogout
  3. Set the algorithm that {Keycloak} uses to sign tokens, for example, RS256:

    # hammer settings set --name oidc_algorithm --value 'RS256'
  4. Open the {Keycloak-short}.example.com/auth/realms/{Keycloak-short}_REALM/.well-known/openid-configuration URL and note the values to populate the options in the following steps.

  5. Add the value for the Hammer client to the OpenID Connect audience:

    # hammer settings set --name oidc_audience \
    --value "['{foreman-example-com}-hammer-openidc']"
    Note

    If you register several {Keycloak} clients to {Project}, ensure that you append all audiences in the array. For example:

    # hammer settings set --name oidc_audience \
    --value "['{foreman-example-com}-foreman-openidc', '{foreman-example-com}-hammer-openidc']"
  6. Set the value for the OpenID Connect issuer:

    # hammer settings set --name oidc_issuer \
    --value "{Keycloak-short}.example.com/auth/realms/{Keycloak-short}_Realm"
  7. Set the URL of the JSON Web Key Set (JWKS) that {Project} uses to verify OpenID Connect JSON Web Tokens (JWT):

    # hammer settings set --name oidc_jwks_url \
    --value "{Keycloak-short}.example.com/auth/realms/{Keycloak-short}_Realm/protocol/openid-connect/certs"
  8. Retrieve the ID of the {Keycloak} authentication source:

    # hammer auth-source external list
  9. Set the location and organization:

    # hammer auth-source external update --id Authentication_Source_ID \
    --location-ids Location_ID --organization-ids Organization_ID
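
The following is an added example, not part of the original procedure or of the project's code. It derives the `oidc_*` values for steps 3 and 5 to 7 from a realm's `openid-configuration` document and refuses to emit commands if the document looks inconsistent. The hostname, realm name, client IDs and the `hammer_settings` helper are assumptions; the sample document is constructed and uses the standard discovery fields `issuer`, `jwks_uri` and `id_token_signing_alg_values_supported`.

```python
import json
import shlex

# Constructed sample of a realm discovery document (hostname and realm are placeholders).
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://keycloak.example.com/auth/realms/Example_Realm",
    "jwks_uri": "https://keycloak.example.com/auth/realms/Example_Realm"
                "/protocol/openid-connect/certs",
    "id_token_signing_alg_values_supported": ["PS256", "RS256", "ES256", "HS256"],
})


def hammer_settings(discovery_json, audiences, algorithm="RS256"):
    """Return hammer commands for the oidc_* settings, or raise ValueError."""
    doc = json.loads(discovery_json)
    issuer = doc["issuer"]
    jwks = doc["jwks_uri"]
    if not issuer.startswith("https://"):
        raise ValueError("issuer is not served over HTTPS")
    # Keycloak publishes the realm keys below the realm (issuer) URL.
    if not jwks.startswith(issuer.rstrip("/") + "/"):
        raise ValueError("jwks_uri is not under the issuer URL")
    # Only accept an algorithm the realm actually advertises.
    if algorithm not in doc.get("id_token_signing_alg_values_supported", []):
        raise ValueError("realm does not advertise " + algorithm)
    if not audiences:
        raise ValueError("at least one audience (client ID) is required")
    # Same array syntax as the procedure: ['client-a', 'client-b']
    aud = "[" + ", ".join("'%s'" % a for a in audiences) + "]"
    values = [
        ("oidc_algorithm", algorithm),
        ("oidc_audience", aud),
        ("oidc_issuer", issuer),
        ("oidc_jwks_url", jwks),
    ]
    # shlex.quote keeps each value a single shell argument.
    return ["hammer settings set --name %s --value %s" % (name, shlex.quote(v))
            for name, v in values]


if __name__ == "__main__":
    for cmd in hammer_settings(SAMPLE_DISCOVERY,
                               ["foreman.example.com-hammer-openidc"]):
        print(cmd)
```

To use it against a real realm, save the discovery document to a file and pass its contents as `discovery_json`.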