Integrating IM with Keycloak as OIDC IdP with LDAP registry
Complete the following steps to integrate Identity Management (IM) with Keycloak as an OIDC IdP with an LDAP registry:

- Get the Keycloak URL to log in to the Keycloak admin console.
  - Log in to the OpenShift console.
  - Go to Networking > Routes.
  - Set the project to All Projects.
  - Find the keycloak route and copy the URL in the Location section.
- Log in to the Keycloak admin console. You can retrieve the admin username and password from the cs-keycloak-initial-admin secret.
- Go to User federation > Add Ldap providers to add an LDAP provider. You can update the settings based on your requirements.
  Note: After you add the LDAP provider in the Keycloak user federation, you can search for the LDAP users in the Keycloak Users tab. Ensure that you can log in to Keycloak as the LDAP user.
- If you need to create a group and add the user, complete the following steps:
  - Go to Groups > Create group to create a user group.
  - Enter the name of the group and click Create.
  - Select the group name and click the Add member option in the Members section to add the users to the group.
- Go to Clients > Create client to create an OIDC client. Add the Client ID and set the required information in General settings, Capability config, and Login settings.
- Click Save to create the OIDC client with the secret.
- Go to Client scopes > Create client scope to create the client scope with the required information for the OIDC client.
- Select the Client scope and configure the Mapper details.
- Go to Clients > Client scopes and add the client scope to the OIDC client.
- Go to Realm settings and copy the URI for the realm.
- Go to the CPD console and add a new OIDC IdP connection. Paste the URI for the realm in the Well-known URI section.
- Onboard the Keycloak user group to CPD. For more information, see Configuring single sign-on using OpenID Connect (OIDC).
- Log in to the Keycloak console as an OIDC user with LDAP registry.
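Before pasting the realm URI into the CPD Well-known URI field, it is worth confirming that the realm actually publishes a usable OIDC discovery document. The following added example (not from the IBM documentation or the Keycloak project) builds the discovery URI from the realm URI and checks a fetched document for the endpoints an OIDC IdP connection depends on; the required field set and the sample document are assumptions constructed for illustration.

```python
"""Check a Keycloak realm's OIDC discovery document before registering it as a CPD IdP."""
import json
from urllib.parse import urlparse

# Assumed minimal set of discovery fields an OIDC relying party (here, CPD) needs.
REQUIRED_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint",
                   "jwks_uri", "userinfo_endpoint")


def well_known_uri(realm_uri: str) -> str:
    """Derive the standard OIDC discovery URI from the realm URI copied from Realm settings."""
    return realm_uri.rstrip("/") + "/.well-known/openid-configuration"


def validate_discovery(realm_uri: str, document: str) -> list:
    """Return a list of problems; an empty list means the document looks usable."""
    problems = []
    try:
        doc = json.loads(document)
    except json.JSONDecodeError as exc:
        return [f"discovery document is not valid JSON: {exc}"]
    problems = [f"missing field: {f}" for f in REQUIRED_FIELDS if f not in doc]
    if problems:
        return problems
    realm = realm_uri.rstrip("/")
    # The issuer must equal the realm URI, or ID tokens will fail issuer validation.
    if doc["issuer"] != realm:
        problems.append(f"issuer {doc['issuer']!r} does not match realm URI {realm!r}")
    for field in REQUIRED_FIELDS[1:]:
        url = doc[field]
        if urlparse(url).scheme != "https":
            problems.append(f"{field} is not https: {url}")
        if not url.startswith(realm + "/"):
            problems.append(f"{field} is outside the realm: {url}")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow not listed in response_types_supported")
    return problems


# Constructed sample resembling a trimmed Keycloak discovery document; not captured from a cluster.
SAMPLE_REALM = "https://keycloak.example.com/realms/cpd"
SAMPLE_DISCOVERY = json.dumps({
    "issuer": SAMPLE_REALM,
    "authorization_endpoint": SAMPLE_REALM + "/protocol/openid-connect/auth",
    "token_endpoint": SAMPLE_REALM + "/protocol/openid-connect/token",
    "userinfo_endpoint": SAMPLE_REALM + "/protocol/openid-connect/userinfo",
    "jwks_uri": SAMPLE_REALM + "/protocol/openid-connect/certs",
    "response_types_supported": ["code", "id_token", "token id_token"],
})

if __name__ == "__main__":
    print(well_known_uri(SAMPLE_REALM))
    print(validate_discovery(SAMPLE_REALM, SAMPLE_DISCOVERY) or "discovery document OK")
```

In practice, fetch the document from the URI returned by well_known_uri with your HTTP client of choice and pass the response body to validate_discovery.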