Integrating IM with Keycloak as OIDC IdP with LDAP registry

Complete the following steps to integrate Identity Management (IM) with Keycloak as an OIDC identity provider (IdP) that is backed by an LDAP user registry:

  1. Get the Keycloak URL that you use to log in to the Keycloak admin console.

    1. Log in to the OpenShift console.
    2. Go to Networking > Routes.
    3. Set the project to All Projects.
    4. Find the keycloak route and copy the URL from the Location column.
  2. Log in to the Keycloak admin console. The admin username and password are stored in the cs-keycloak-initial-admin secret. These are bootstrap credentials: restrict who can read the secret and change the admin password after the first login.

  3. Go to User federation > Add LDAP providers to add an LDAP provider, and update the settings for your environment. Use an ldaps:// (or StartTLS) connection URL and a bind account with read-only rights; unless Keycloak must write back to LDAP, set Edit mode to READ_ONLY.

    (Figure: Adding LDAP providers)

    Note: After you add the LDAP provider, LDAP users appear when you search on the Keycloak Users page. Before you continue, confirm that you can log in to Keycloak as an LDAP user.

  4. If you need to create a group and add users to it (for example, the group that you onboard to Cloud Pak for Data in step 12), complete the following steps:

    1. Go to Groups > Create group.

      (Figure: Creating a group for Keycloak)

    2. Enter the name of the group and click Create.

    3. Select the group name and, in the Members section, click Add member to add users to the group.

      (Figure: Adding user to group for Keycloak)

  5. Go to Clients > Create client to create an OIDC client. Enter the Client ID and set the required information in General settings, Capability config, and Login settings. In Capability config, turn on Client authentication (so the client is confidential and uses a client secret) and Standard flow, and leave Implicit flow and Direct access grants off. In Login settings, set Valid redirect URIs to the exact Cloud Pak for Data callback URL rather than a wildcard such as *.

  6. Click Save to create the OIDC client. The client secret is shown on the client's Credentials tab; you need it, together with the Client ID, for the Cloud Pak for Data IdP connection in step 11.

    (Figure: Creating an OIDC client for Keycloak)

  7. Go to Client scopes > Create client scope to create a client scope for the OIDC client and enter the required information.

    (Figure: Creating client scope for OIDC client)

  8. Select the client scope and, on its Mappers tab, configure the mapper. For example, a Group Membership mapper adds the user's Keycloak groups to the token as a groups claim, which is how Cloud Pak for Data learns the group membership of an OIDC user.

    (Figure: Configuring mapper details for the client scope)

  9. Go to Clients, select the OIDC client, and on its Client scopes tab add the client scope. Add it as a Default scope so that the claim is issued on every login.

  10. Go to Realm settings and copy the URI of the realm's OpenID Endpoint Configuration (listed under Endpoints). It has the form <keycloak-url>/realms/<realm>/.well-known/openid-configuration.

    (Figure: Realm settings for Keycloak)

  11. Go to the Cloud Pak for Data (CPD) console and add a new OIDC IdP connection. Paste the realm URI in the Well-known URI field and enter the Client ID and client secret from step 6.

    (Figure: Creating OIDC connection)

  12. Onboard the Keycloak user group to CPD. For more information, see Configuring single sign-on using OpenID Connect (OIDC).

    (Figure: Onboarding keycloak user group)

  13. Verify the integration: log in to the Cloud Pak for Data console as an LDAP user. The login is redirected to Keycloak, which authenticates the user against LDAP through the user federation and returns the user to Cloud Pak for Data.
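The following Python script is an added example, not IBM's or Keycloak's code. It checks the three artifacts that steps 5 to 13 produce before you try the login: the OIDC client's configuration (the JSON that Clients > the client > Action > Export gives you), the realm's discovery document from step 10, and an ID token that Keycloak issued for an LDAP user. The host name, realm name, client ID and group name are assumptions, and all three inputs are constructed samples; in a real run you replace them with the exported client JSON, the output of curl against the well-known URI, and a token captured from a test login. The script inspects claims only; it does not verify the token signature, which is the relying party's job.

```python
"""Pre-flight checks for the Keycloak (OIDC IdP, LDAP-backed) to Cloud Pak for Data setup.
Added example, not IBM or Keycloak code. The client export, discovery document and ID token are
CONSTRUCTED samples; the host name, realm, client ID and group name are assumptions."""
import base64
import json
import time
from urllib.parse import urlparse

KEYCLOAK_URL = "https://keycloak-cpd.apps.example.com"  # assumed: the route copied in step 1
REALM = "cpd"                                            # assumed realm name
CLIENT_ID = "cpd-oidc"                                   # assumed Client ID entered in step 5
EXPECTED_GROUP = "cpd-users"                             # assumed group created in step 4
REALM_URL = f"{KEYCLOAK_URL}/realms/{REALM}"


def well_known_uri(base_url: str, realm: str) -> str:
    """The URI pasted into the CPD IdP connection (Keycloak 17+ URL layout, no /auth prefix)."""
    return f"{base_url.rstrip('/')}/realms/{realm}/.well-known/openid-configuration"


def check_client(client: dict) -> list:
    """Flag ClientRepresentation settings that weaken a browser-login (authorization code) client."""
    rules = [("publicClient", True, "client authentication is off: CPD cannot present a client secret"),
             ("standardFlowEnabled", False, "standard flow (authorization code) is disabled"),
             ("implicitFlowEnabled", True, "implicit flow is enabled: tokens would travel in the URL"),
             ("directAccessGrantsEnabled", True, "direct access grants enabled: not needed for SSO")]
    findings = [msg for key, bad, msg in rules if client.get(key, False) == bad]
    for uri in client.get("redirectUris", []):
        parsed = urlparse(uri)
        if uri == "*" or "*" in parsed.netloc:
            findings.append(f"redirect URI {uri!r} allows arbitrary hosts")
        elif parsed.scheme != "https":
            findings.append(f"redirect URI {uri!r} is not https")
    return findings


def check_discovery(doc: dict, base_url: str, realm: str) -> list:
    """The issuer must be exactly the realm URL; a mismatch makes every ID token fail validation."""
    expected_issuer = f"{base_url.rstrip('/')}/realms/{realm}"
    findings = []
    if doc.get("issuer") != expected_issuer:
        findings.append(f"issuer {doc.get('issuer')!r} != expected {expected_issuer!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri", "end_session_endpoint"):
        if key not in doc:
            findings.append(f"discovery document lacks {key}")
    if "code" not in doc.get("response_types_supported", []):
        findings.append("response_type 'code' is not advertised")
    return findings


def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def check_id_token(token: str, issuer: str, client_id: str, group: str, now=None) -> list:
    """Claim inspection only: confirms the mapper put the group into the ID token. Signature
    verification against jwks_uri is the relying party's job (CPD does it) and is NOT done here."""
    header_b64, payload_b64, _signature = token.split(".")
    header, claims = (json.loads(_b64url_decode(p)) for p in (header_b64, payload_b64))
    aud = claims.get("aud", [])
    groups = claims.get("groups", [])
    checks = [
        (str(header.get("alg", "none")).lower() == "none", "token is unsigned (alg=none)"),
        (claims.get("iss") != issuer, f"iss {claims.get('iss')!r} != {issuer!r}"),
        (client_id not in ([aud] if isinstance(aud, str) else aud), f"aud lacks {client_id!r}"),
        (claims.get("exp", 0) <= (time.time() if now is None else now), "token is expired"),
        # Keycloak's "Full group path" mapper option emits "/name"; accept either form.
        (group not in groups and "/" + group not in groups,
         f"groups claim lacks {group!r}: check the mapper and the scope on the client"),
    ]
    return [msg for failed, msg in checks if failed]


# Constructed sample of Clients > cpd-oidc > Action > Export, trimmed to the fields checked here.
SAMPLE_CLIENT = {"clientId": CLIENT_ID, "publicClient": False, "standardFlowEnabled": True,
                 "implicitFlowEnabled": False, "directAccessGrantsEnabled": True,
                 "redirectUris": ["https://cpd.apps.example.com/*", "http://localhost:8080/cb"]}
# Constructed sample of the discovery document; a real one carries many more keys.
SAMPLE_DISCOVERY = {"issuer": REALM_URL,
                    "authorization_endpoint": f"{REALM_URL}/protocol/openid-connect/auth",
                    "token_endpoint": f"{REALM_URL}/protocol/openid-connect/token",
                    "jwks_uri": f"{REALM_URL}/protocol/openid-connect/certs",
                    "end_session_endpoint": f"{REALM_URL}/protocol/openid-connect/logout",
                    "response_types_supported": ["code", "none", "id_token", "token"]}


def make_sample_id_token(claims: dict) -> str:
    """JWT-shaped string with a placeholder signature (constructed; Keycloak really signs RS256)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT', 'kid': 'sample-kid'})}.{enc(claims)}.placeholder"


SAMPLE_TOKEN = make_sample_id_token({
    "iss": REALM_URL, "aud": CLIENT_ID, "sub": "constructed-subject-id",
    "preferred_username": "jdoe",       # LDAP uid surfaced through user federation
    "exp": 4102444800,                  # 2100-01-01, so the sample never expires
    "groups": ["/" + EXPECTED_GROUP]})  # Full group path left at its default


def run_checks() -> dict:
    """Returns the findings per stage; an empty list means that stage passed."""
    return {"well_known_uri": well_known_uri(KEYCLOAK_URL, REALM),
            "client": check_client(SAMPLE_CLIENT),
            "discovery": check_discovery(SAMPLE_DISCOVERY, KEYCLOAK_URL, REALM),
            "id_token": check_id_token(SAMPLE_TOKEN, REALM_URL, CLIENT_ID, EXPECTED_GROUP)}
```

With the constructed sample the client check reports two findings (direct access grants left on, and an http:// redirect URI), while the discovery document and the ID token pass: the issuer matches the realm URL and the groups claim carries /cpd-users, so the group onboarded in step 12 will be found. If the groups finding appears against a real token, the usual causes are a mapper that is not on the scope, a scope that was added to the client as Optional instead of Default, or the mapper writing to the access token but not the ID token.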