Authenticate Keycloak

#1

Hi everyone,
Does anyone have an example of how to authenticate using Keycloak?

Redirected to the namespaces
#2

Hey Luis. I did it successfully yes.

You have to create a Keycloak OIDC Client. You enable Client authentication (confidential client) and standard flow. You fill in Valid redirect URIs with https://[your-corteza]/auth/external/openid-connect.[your-corteza-client-handle]/callback. You fill web origins with https://[your-corteza]. You save and go to tab “credentials”. There you copy the client secret to clipboard.

In Corteza (2024.9) you go to Admin > Auth settings. There is a section called External Authentication Providers where you click on Add an OIDC provider. In the popup:

  • Handle: Doesnt matter as long as it is the same name you use in Keycloak in your valid redirect URI.

  • OIDC Issuer URL: https://[your-keycloak]/realms/[your-realm]

  • Client key: Whatever you called you Client in Keycloak

  • Secret: The Client secret you copied to your clipboard

  • Scope: “openid email profile”

Click on ok and I think that should be it. I run Corteza in Docker and it might be that I had to restart the Container but not sure.

1 Like
#3

@Swordfish would you mind if this gets included in the documentation? If all is good, could you please provide some screenshots to describe this?

#4

Hey :slight_smile:

Yeah sure you can do that.

Regarding the screenshot… I followed another approach in my project (Corteza Impersination Token) to integrate Corteza with my other stuff, so unfortunately I deleted the approach I described above :frowning:

But it should be easy to reproduce as long as you have a little experience with both tools I guess.

Maybe you can try to do so and if you get stuck, just ping me.

Edit: Ok nevermind, I just set it up again. I have the screenshots but this Forum wont let me upload more than one media file per post and zip is not possible either. How can I provide you the screenshots @tjerman ?

#5

@Swordfish , thanks for the reply. I’m also interested in the screenshots.

#6

Ok I think it works now. So here are the screenshots.

First we create the Keycloak Client:

Create_keycloak_client_1
Create_keycloak_client_11681Ă—466 22.5 KB

Create_keycloak_client_2
Create_keycloak_client_21307Ă—558 37.7 KB

Create_keycloak_client_3
Create_keycloak_client_32145Ă—925 158 KB

Then we copy the CLient secret to the clipboard:

get_client_secret_of_keycloak_client
get_client_secret_of_keycloak_client1421Ă—678 29.6 KB

Then we create the Corteza Provider:

Click on “Add an OIDC Provider” Button:

create_corteza_provider_1
create_corteza_provider_12092Ă—1010 140 KB

Fill the form:

create_corteza_provider_2
create_corteza_provider_21027Ă—1205 102 KB

Click on submit to save the new provider:

create_corteza_provider_3
create_corteza_provider_32155Ă—1208 259 KB

Restart Corteza Container. Now your Corteza Login should have a new button:

login_with_keycloak_1
login_with_keycloak_11467Ă—847 37.5 KB

And this should lead you to the Keycloak Login:

login_with_keycloak_2
login_with_keycloak_21127Ă—627 35 KB

I you have any questions/issues, just let me know :slight_smile:

1 Like
#7

Amazing thanks a lot🙏

1 Like