Configure Keycloak Authentication Provider for User Log in

PreviousCreate User and Assign Role Nexti18n

Last updated 7 months ago

Configure Keycloak Authentication Provider for User Log in

This document provides instructions on how to configure Keycloak Authentication Provider in PBMS to help the end-users to utilise the Keycloak option to log into PBMS.

Prerequisites

Create a Keycloak client for PBMS/Social Registry as given in guide.
Install the OpenID Connect Authentication module.

Note:

OAuth providers can be created from Odoo Settings (debug mode).
For configuration reference refer the documentation.

Procedure

Click the main menu icon and select Settings.

The Settings screen is displayed.

Select the tab Users & Companies, and click the option OAUTH Providers.

Providers screen is displayed.

Click the New button.

Providers New screen is displayed.

Enter the values in the respective fields.

For example, the fields, their descriptions, and sample values are given below.

Feature

Description

Value

Provider name

Enter the provider name.

For example: Keycloak for PBMS Login

Auth Flow

Select the option OpenID Connect Authorization Code Flow from the drop-down.

Token Map

You can find a default value. In the default value change groups:groups to client_roles:groups .

Client ID

The ID of the Keycloak client.

Client Authentication Method

Select the option Client Secret (Post) from the drop-down.

Client Secret

Allowed

Check the box to enable the option Allowed.

Allowed in Self Service Portal

Uncheck the box.

Allowed in Service Provider Portal

Uncheck the box.

Enter the label name for the Keycloak Login button.

For example: Login with Keycloak.

Note: This text with the button name will appear on login page.

Image Icon URL

Enter the URL of an image for the Keycloak Login button.

Authorization URL, Userinfo URL, Token Endpoint, JWKS URL

These are to be configured as available in the well-known config of Keycloak.

Note:

Keycloak OIDC well-known configuration can be found in Keycloak Admin Console -> Realm Settings -> (Bottom of Page) Endpoints -> OIDC Endpoint Configuration)

Verify Access Token Hash

Check the box to enable the option Verify Access Token.

Allow Signup

Select the option Allows user signup from the drop-down.

Signup Default Groups

Select the option User types/Portal from the drop-down.

Sync User Groups

Select the option On every Login from the drop-down.

Note:

The rest of the fields have the default values.

If you have configured the Keycloak Authentication Provider successfully, you can find the Log in Keycloak button in the PBMS log in page.

Before log in using the option Keycloak in PBMS, ensure the following:

Create client roles on Keycloak application for the client. The client roles can be
- Administrator/Settings.
- OpenG2P Module Access/Administrator.
- OpenG2P Module Access/Registrar.

This completes the configuration of Keycloak Authentication Provider in PBMS for user log in.

PreviousCreate User and Assign Role Nexti18n

Last updated 7 months ago

This document provides instructions on how to configure Keycloak Authentication Provider in PBMS to help the end-users to utilise the Keycloak option to log into PBMS.

Prerequisites

Create a Keycloak client for PBMS/Social Registry as given in guide.
Install the OpenID Connect Authentication module.

Note:

OAuth providers can be created from Odoo Settings (debug mode).
For configuration reference refer the documentation.

Procedure

Click the main menu icon and select Settings.

The Settings screen is displayed.

Select the tab Users & Companies, and click the option OAUTH Providers.

Providers screen is displayed.

Click the New button.

Providers New screen is displayed.

Enter the values in the respective fields.

For example, the fields, their descriptions, and sample values are given below.

Feature

Description

Value

Provider name

Enter the provider name.

For example: Keycloak for PBMS Login

Auth Flow

Select the option OpenID Connect Authorization Code Flow from the drop-down.

Token Map

You can find a default value. In the default value change groups:groups to client_roles:groups .

Client ID

The ID of the Keycloak client.

To learn more refer to .

Client Authentication Method

Select the option Client Secret (Post) from the drop-down.

Client Secret

The Client Secret of the Keycloak client. To learn more, refer to .

Allowed

Check the box to enable the option Allowed.

Allowed in Self Service Portal

Uncheck the box.

Allowed in Service Provider Portal

Uncheck the box.

Enter the label name for the Keycloak Login button.

For example: Login with Keycloak.

Note: This text with the button name will appear on login page.

Image Icon URL

Enter the URL of an image for the Keycloak Login button.

Authorization URL, Userinfo URL, Token Endpoint, JWKS URL

These are to be configured as available in the well-known config of Keycloak.

Note:

Keycloak OIDC well-known configuration can be found in Keycloak Admin Console -> Realm Settings -> (Bottom of Page) Endpoints -> OIDC Endpoint Configuration)

Verify Access Token Hash

Check the box to enable the option Verify Access Token.

Allow Signup

Select the option Allows user signup from the drop-down.

Signup Default Groups

Select the option User types/Portal from the drop-down.

Sync User Groups

Select the option On every Login from the drop-down.

Note:

The rest of the fields have the default values.

Click the icon to save the changes.

If you have configured the Keycloak Authentication Provider successfully, you can find the Log in Keycloak button in the PBMS log in page.

Before log in using the option Keycloak in PBMS, ensure the following:

Create client roles on Keycloak application for the client. The client roles can be
- Administrator/Settings.
- OpenG2P Module Access/Administrator.
- OpenG2P Module Access/Registrar.

This completes the configuration of Keycloak Authentication Provider in PBMS for user log in.