Using Keycloak

Keycloak is started and shut down automatically as part of Manta Application startup and shutdown. You can use the scripts <MANTA_HOME>\keycloak\bin\startup.bat and <MANTA_HOME>\keycloak\bin\shutdown.bat (or the .sh alternatives on Linux) to bring the application up or down.

How to Log In to the Application

To log in to an Automatic Data Lineage application protected by Keycloak, navigate to the application as usual. The application transparently checks whether you are logged in to the Keycloak server and, if needed, redirects you to the Keycloak login page.

On the login page, type in the username and password (unless Keycloak was configured for another method of authentication) and log in. Once you successfully log in, you are automatically redirected back to the place you navigated to.

When you navigate to another Automatic Data Lineage application (e.g., from Flow Server to Admin GUI), the login is shared between those applications. This means you only have to type in your credentials once, and your session is shared between all the applications.

Application Ports

The new Keycloak no longer uses two ports. From now on, Keycloak only needs the port the application is available on. The control port is no longer available.

Directory Structure

The Keycloak directory structure has changed. The only relevant changes for Automatic Data Lineage are the locations of the configuration files and the logs (see below). The data is available in Manta Launcher, if needed.

Configuration

The configuration of Keycloak has been greatly simplified. The dreaded standalone.xml is gone, and the whole configuration now uses a simple properties-like configuration file.

All configuration options are documented in https://www.keycloak.org/server/all-config.

How to Log In to Keycloak

To configure the Keycloak server itself, navigate to example.com:9090/auth/ and log in with the account created during the installation.

The Keycloak server installed by the installer contains two realms. A realm is a concept used by Keycloak to host multiple separate user sets in a single server (you can think of it as an organization in AD). Each realm is completely isolated from the others present on the server. The standard installation contains two realms by default: manta and master. The master realm contains the user with the highest privileges, which is then used by the installer to configure the manta realm. The manta realm is configured for use with Automatic Data Lineage Platform.

Under normal circumstances, you do not need to access the master realm.

Known Issues

Keycloak Is Not Starting

We have discovered that the current version of Keycloak contains a bug which prevents it from starting. This bug occurs almost exclusively on Windows with Java 18. Other OS types and lower JDK versions seem fine. This bug is tracked by the Keycloak team here.