IBM Manta Data Lineage Keycloak Integration
The integration of Keycloak into the Manta Data Lineage platform is controlled by a set of configuration files. The files are:
<mantadir>/serviceutility/WEB-INF/conf/keycloak.json
<mantadir>/serviceutility/WEB-INF/conf/keycloak-b2b.json
<mantadir>/serviceutility/WEB-INF/conf/keycloak-fe.json
Each of these files contains all the data needed by the respective part of the Manta Data Lineage platform to function properly. The files are generated during installation, but they might require manual adjustment.
Flow Server
Flow Server contains a single configuration file. This file configures how Flow Server can reach the Keycloak server.
The most important parameter to set in this file is "auth-server-url", which tells Flow Server where the Keycloak server is available. Go to Networking Setup Examples to see how it can be configured.
Admin GUI
Admin GUI contains three separate configuration files. Each configuration file controls a single Keycloak client defined in the Keycloak server. From the perspective of the Keycloak server, the Admin GUI presents itself as two applications: the first is the actual Java server running as the backend, and the second is the Admin GUI frontend, which (at least as far as Keycloak is concerned) is a separate application. The Admin GUI frontend is the part of the application that users can interact with and that runs on their machine in the web browser. The two parts are inseparable, but for authentication purposes they are distinct.
The backend part is configured in the file keycloak.json, and the frontend part is configured in the file keycloak-fe.json. The last file, keycloak-b2b.json, controls how the Admin GUI backend server communicates with Manta Flow Server. B2B stands for backend to backend. This communication happens in the background. In such cases, the Admin GUI server has to authenticate before it can communicate with the Flow Server.
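Because these files may be adjusted by hand after installation, a consistency check over the three of them is useful. The following is an added example, not part of the Manta documentation or product: it assumes the files use the standard Keycloak adapter keys ("realm", "auth-server-url", "credentials"), that all three clients live in one realm, and that keycloak-fe.json is readable by the browser. The realm name, client names and host are constructed sample values.

```python
import json
from urllib.parse import urlparse

# The three Admin GUI client files named on this page.
FILES = ("keycloak.json", "keycloak-fe.json", "keycloak-b2b.json")

def audit(configs):
    """configs maps file name -> parsed JSON object; returns a list of findings."""
    findings = []
    for name in FILES:
        cfg = configs.get(name)
        if cfg is None:
            findings.append(f"{name}: file missing")
            continue
        url = cfg.get("auth-server-url")
        if not url:
            findings.append(f"{name}: auth-server-url is not set")
        elif urlparse(url).scheme == "http":
            # Tokens and credentials would cross the network in clear text.
            findings.append(f"{name}: auth-server-url uses plain http")
        if not cfg.get("realm"):
            findings.append(f"{name}: realm is not set")
    # Assumption: all three clients are defined in one realm.
    realms = {c.get("realm") for c in configs.values() if c.get("realm")}
    if len(realms) > 1:
        findings.append(f"realm differs between files: {sorted(realms)}")
    # Assumption: keycloak-fe.json is readable by the browser, so a client
    # secret stored there is exposed to every user.
    fe = configs.get("keycloak-fe.json") or {}
    if (fe.get("credentials") or {}).get("secret"):
        findings.append("keycloak-fe.json: contains a client secret")
    return findings

# Constructed sample contents (not taken from a real installation).
SAMPLE = {
    "keycloak.json": json.loads('{"realm": "manta", "resource": "admin-gui", '
        '"auth-server-url": "https://kc.example.test/auth", '
        '"credentials": {"secret": "PLACEHOLDER"}}'),
    "keycloak-fe.json": json.loads('{"realm": "manta", "resource": "admin-gui-fe", '
        '"auth-server-url": "http://kc.example.test/auth", '
        '"credentials": {"secret": "PLACEHOLDER"}}'),
    "keycloak-b2b.json": json.loads('{"realm": "Manta", "resource": "admin-gui-b2b"}'),
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To check a real installation, load each file from <mantadir>/serviceutility/WEB-INF/conf/ with json.load and pass the resulting dictionary to audit().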
Communication Diagram
The communication diagram, as you can see in the image above, is not trivial. The most important fact to note is:
Every application has to talk to the Keycloak server before it can talk to the others.
The dashed line represents the connection to the Keycloak server, used for authentication. The solid lines are the direct lines of communication among the Manta Data Lineage platform servers. The diagram above also shows how each configuration file is related to the particular application.
This diagram is very abstract and omits the real configuration of the production networking setup. On the following page, several realistic configurations are presented to guide you in setting up your Keycloak installation.