Use this procedure to configure {Project} settings for {Keycloak} authentication using the {ProjectWebUI}.
Note that you can navigate to the following URL within your realm to obtain values to configure {Project} settings: https://{Keycloak-short}.example.com/auth/realms/{Project}_Realm/.well-known/openid-configuration
-
Ensure that the Access Type setting in the {Project} client in the {Keycloak} web UI is set to confidential
-
In the {ProjectWebUI}, navigate to Administer > Settings, and click the Authentication tab.
-
Locate the Authorize login delegation row, and in the Value column, set the value to Yes.
-
Locate the Authorize login delegation auth source user autocreate row, and in the Value column, set the value to External.
-
Locate the Login delegation logout URL row, and in the Value column, set the value to https://{foreman-example-com}/users/extlogout.
-
Locate the OIDC Algorithm row, and in the Value column, set the algorithm for encoding on {Keycloak} to RS256.
-
Locate the OIDC Audience row, and in the Value column, set the value to the client ID for {Keycloak}.
-
Locate the OIDC Issuer row, and in the Value column, set the value to https://{Keycloak-short}.example.com/auth/realms/{Project}_Realm.
-
Locate the OIDC JWKs URL row, and in the Value column, set the value to https://{Keycloak-short}.example.com/auth/realms/{Project}_Realm/protocol/openid-connect/certs.
-
In the {ProjectWebUI}, navigate to Administer > Authentication Sources, click the vertical ellipsis on the External card, and select Edit.
-
Click the Locations tab and add locations that can use the {Keycloak} authentication source.
-
Click the Organizations tab and add organizations that can use the {Keycloak} authentication source.
-
Click Submit.