Integrating IM with Keycloak as OIDC IdP

Complete the following steps to integrate Identity Management (IM) with Keycloak as an OIDC IdP:

  1. Get the Keycloak URL to log in to the Keycloak admin console.

    1. Log in to the OpenShift console.
    2. Go to Networking > Routes.
    3. Set the project to All Projects.
    4. Find the keycloak route and copy the URL in the Location section.
  2. Log in to the Keycloak admin console. You can retrieve the admin username and password from the cs-keycloak-initial-admin secret.

  3. If the users are not created yet, go to Users > Add user to create a user. Set the required information and click Create. You can update the user details and credentials in the Details and Credentials sections.

    (Figure: Add user for Keycloak)

  4. If you need to create a group and add the users, complete the following steps:

    1. Go to Groups > Create group to create a user group.

      (Figure: Creating a group for Keycloak)

    2. Enter the name of the group and click Create.

    3. Select the group name and click the Add member option in the Members section to add the users to the group.

      (Figure: Adding user to group for Keycloak)

  5. Go to Clients > Create client to create an OIDC client. Add the Client ID and set the required information in General settings, Capability config, and Login settings.

  6. Click Save to create the OIDC client with the secret.

    (Figure: Creating an OIDC client for Keycloak)

  7. Go to Client scopes > Create client scope to create the client scope with the required information for the OIDC client.

    (Figure: Creating client scope for OIDC client)

  8. Select the Client scope and configure the Mapper details.

    (Figure: Configuring mapper details for the client scope)

  9. Go to Clients > Client scopes and add the client scope to the OIDC client.

  10. Go to Realm settings and copy the URI for the realm.

    (Figure: Realm settings for Keycloak)

  11. Log in to the CPD console and add a new OIDC IdP connection. Paste the URI for the realm in the Well-known URI section.

    (Figure: Creating OIDC connection)

  12. Onboard the Keycloak user group to CPD. For more information, see Configuring single sign-on using OpenID Connect (OIDC).

    (Figure: Onboarding Keycloak user group)

  13. Log in to the Keycloak console as an OIDC user.
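Before pasting the realm URI into the CPD OIDC connection (steps 10 and 11), it is worth confirming that the realm's OIDC discovery document is reachable and sane: the issuer matches the realm URI, the endpoints are served over HTTPS under that realm, and ID tokens are signed with RS256 rather than an unsigned algorithm. The following added example (not code from the original page or from IBM) builds the well-known URI from a realm URI and validates a discovery document; the realm URL and the document contents are constructed placeholders, and the realm path without the legacy /auth prefix is assumed.

```python
import json
import urllib.request
from urllib.parse import urlparse

# Keycloak serves its OIDC discovery document at this path under the realm URI.
DISCOVERY_PATH = "/.well-known/openid-configuration"
REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint",
                      "userinfo_endpoint", "jwks_uri")


def well_known_uri(realm_uri: str) -> str:
    """Derive the well-known URI expected by the CPD OIDC connection from the realm URI."""
    return realm_uri.rstrip("/") + DISCOVERY_PATH


def fetch_discovery(realm_uri: str) -> dict:
    """Download the discovery document for a realm (needs network access to Keycloak)."""
    with urllib.request.urlopen(well_known_uri(realm_uri), timeout=10) as resp:
        return json.load(resp)


def check_discovery(realm_uri: str, document: dict) -> list[str]:
    """Return the problems found in a discovery document; an empty list means it is usable."""
    realm = realm_uri.rstrip("/")
    problems = []
    issuer = document.get("issuer", "")
    if issuer.rstrip("/") != realm:
        problems.append(f"issuer {issuer!r} does not match realm URI {realm!r}")
    for key in REQUIRED_ENDPOINTS:
        value = document.get(key)
        if not value:
            problems.append(f"missing {key}")
        elif urlparse(value).scheme != "https":
            problems.append(f"{key} is not served over HTTPS: {value}")
        elif not value.startswith(realm + "/"):
            problems.append(f"{key} is outside the realm: {value}")
    algs = document.get("id_token_signing_alg_values_supported", [])
    if "none" in algs:
        problems.append("unsigned ID tokens (alg 'none') are advertised")
    if "RS256" not in algs:
        problems.append("RS256 is not offered for ID token signing")
    if "code" not in document.get("response_types_supported", []):
        problems.append("authorization code flow is not supported")
    return problems


# Constructed sample realm and discovery document, shaped like Keycloak's output.
SAMPLE_REALM = "https://keycloak.example.com/realms/cpd"
SAMPLE_DISCOVERY = {
    "issuer": SAMPLE_REALM,
    "authorization_endpoint": SAMPLE_REALM + "/protocol/openid-connect/auth",
    "token_endpoint": SAMPLE_REALM + "/protocol/openid-connect/token",
    "userinfo_endpoint": SAMPLE_REALM + "/protocol/openid-connect/userinfo",
    "jwks_uri": SAMPLE_REALM + "/protocol/openid-connect/certs",
    "response_types_supported": ["code", "id_token", "token id_token"],
    "id_token_signing_alg_values_supported": ["RS256"],
}

if __name__ == "__main__":
    print(well_known_uri(SAMPLE_REALM))
    print(check_discovery(SAMPLE_REALM, SAMPLE_DISCOVERY) or "discovery document OK")
```

Run it against a live realm by replacing SAMPLE_DISCOVERY with fetch_discovery(realm_uri); an empty problem list means the URI is ready to paste into the CPD connection.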