📔Configure Keycloak Authentication Provider for User Log in
Last updated
Last updated
Copyright © OpenG2P. This work is licensed under Creative Common Attribution (CC-BY-4.0) International license unless otherwise noted.
This document provides instructions on how to configure Keycloak Authentication Provider in PBMS to help the end-users to utilise the Keycloak option to log into PBMS.
Create a Keycloak client for PBMS/Social Registry as given in Keycloak Client Creation guide.
Install the OpenID Connect Authentication module.
Note:
OAuth providers can be created from Odoo Settings (debug mode).
For configuration reference refer the OpenID Connect Authentication documentation.
Click the main menu icon and select Settings.
The Settings screen is displayed.
Select the tab Users & Companies, and click the option OAUTH Providers.
Providers screen is displayed.
Click the New button.
Providers New screen is displayed.
Enter the values in the respective fields.
For example, the fields, their descriptions, and sample values are given below.
Feature | Description | Value |
---|---|---|
Provider name | Enter the provider name. | For example: Keycloak for PBMS Login |
Auth Flow | Select the option OpenID Connect Authorization Code Flow from the drop-down. | |
Token Map | You can find a default value. In the default value change | |
Client ID | The ID of the Keycloak client. To learn more refer to Keycloak Client Creation. | |
Client Authentication Method | Select the option Client Secret (Post) from the drop-down. | |
Client Secret | The Client Secret of the Keycloak client. To learn more, refer to Keycloak Client Creation. | |
Allowed | Check the box to enable the option Allowed. | |
Allowed in Self Service Portal | Uncheck the box. | |
Allowed in Service Provider Portal | Uncheck the box. | |
Login button label | Enter the label name for the Keycloak Login button. | For example: Note: This text with the button name will appear on login page. |
Image Icon URL | Enter the URL of an image for the Keycloak Login button. | |
Authorization URL, Userinfo URL, Token Endpoint, JWKS URL | These are to be configured as available in the well-known config of Keycloak. Note: Keycloak OIDC well-known configuration can be found in Keycloak Admin Console -> Realm Settings -> (Bottom of Page) Endpoints -> OIDC Endpoint Configuration) | |
Verify Access Token Hash | Check the box to enable the option Verify Access Token. | |
Allow Signup | Select the option Allows user signup from the drop-down. | |
Signup Default Groups | Select the option User types/Portal from the drop-down. | |
Sync User Groups | Select the option On every Login from the drop-down. |
Note:
The rest of the fields have the default values.
If you have configured the Keycloak Authentication Provider successfully, you can find the Log in Keycloak button in the PBMS log in page.
Before log in using the option Keycloak in PBMS, ensure the following:
Create client roles on Keycloak application for the client. The client roles can be
Administrator/Settings.
OpenG2P Module Access/Administrator.
OpenG2P Module Access/Registrar.
This completes the configuration of Keycloak Authentication Provider in PBMS for user log in.
Click the icon to save the changes.