Keycloak Client Creation
This guide contains instructions for creating and configuring an OIDC client on Keycloak.
Procedure
The steps to create a Keycloak client are given below.
Log into Keycloak on the OpenG2P cluster.
Select the Clients from the left menu and click Create Client to create the required client.
Use the following General settings while creating the client.
Client type: OpenID Connect
Client ID: <any client ID>, for example openg2p-sr-odk-prod
Name: <any name>, for example Social Registry ODK Prod
Always display in UI: On
Client authentication: On
Authentication flow: select both Standard flow and Service accounts roles
Valid redirect URIs: *
Save the changes and click the Credentials tab above. You must note down the client ID and secret to add while installing the OpenG2P modules.
Click the Client Scopes tab.
Select the client that you created in the Client Scopes.
Select the From Predefined Mappers from the Add Mapper drop-down.
In the Add Predefined Mapper screen, select to show all mappers on the same page. Check all the mappers below the Name column, and click the Add button.
Search and remove the "Audience Resolve" mapper from the added mappers list. Click on Add Mapper -> By configuration and select the Audience mapper in the Configure new mapper page. Configure the audience mapper with the following details.
Client ID: select your Client ID from the drop-down
Add to Access Token: ON
Add to ID token: ON
After adding predefined mappers, search for "client" in the filter, select Client Roles mapper, update, and save the below changes.
Client ID: select your Client ID from the drop-down
Token Claim Name: client_roles
Add to ID token: ON
Add to userinfo: ON
Go one step back. Navigate to Client details -> Client Scopes. Remove "roles" scope.
After the successful creation of the client, you can use this client for the OpenG2P module installation from the Rancher UI.
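The same client can be created without the admin console, through the Keycloak Admin REST API. The following is an added example, not part of this guide or the OpenG2P project: it builds the ClientRepresentation and the two protocol mappers described above, runs a small pre-flight review of the result, and posts it to Keycloak. The Keycloak URL, realm and admin credentials are placeholders, the token endpoint path assumes a Keycloak version without the legacy /auth prefix, and the review function is an addition of this example. The guide uses the wildcard * as the valid redirect URI; the example keeps that default but takes the redirect list as a parameter and flags the wildcard, because restricting it to the module's real callback URL(s) is the tighter setting.

```python
"""Create the OpenG2P OIDC client in Keycloak via the Admin REST API (added example)."""
import json
import urllib.parse
import urllib.request

KEYCLOAK_URL = "https://keycloak.example.org"   # assumption: your cluster's Keycloak base URL
REALM = "master"                                 # assumption: target realm
ADMIN_USER, ADMIN_PASSWORD = "admin", "<admin-password>"   # placeholders, never commit real values


def client_representation(client_id, name, redirect_uris=("*",)):
    """ClientRepresentation mirroring the General settings in the guide."""
    return {
        "clientId": client_id,
        "name": name,
        "protocol": "openid-connect",        # Client type: OpenID Connect
        "alwaysDisplayInConsole": True,      # Always display in UI: On
        "publicClient": False,               # Client authentication: On (confidential client)
        "standardFlowEnabled": True,         # Authentication flow: Standard flow
        "serviceAccountsEnabled": True,      # Authentication flow: Service accounts roles
        "redirectUris": list(redirect_uris), # guide uses "*"; prefer the module's real callback URLs
    }


def audience_mapper(client_id):
    """The Audience mapper added 'By configuration' in the guide."""
    return {
        "name": "audience",
        "protocol": "openid-connect",
        "protocolMapper": "oidc-audience-mapper",
        "config": {
            "included.client.audience": client_id,   # Client ID: this client
            "access.token.claim": "true",            # Add to Access Token: ON
            "id.token.claim": "true",                # Add to ID token: ON
        },
    }


def client_roles_mapper(client_id, claim_name="client_roles"):
    """The predefined 'client roles' mapper with the edits the guide makes."""
    return {
        "name": "client roles",
        "protocol": "openid-connect",
        "protocolMapper": "oidc-usermodel-client-role-mapper",
        "config": {
            "usermodel.clientRoleMapping.clientId": client_id,  # Client ID
            "claim.name": claim_name,                           # Token Claim Name: client_roles
            "id.token.claim": "true",                           # Add to ID token: ON
            "userinfo.token.claim": "true",                     # Add to userinfo: ON
            "access.token.claim": "true",
            "jsonType.label": "String",
            "multivalued": "true",
        },
    }


def review_client(rep, mappers, default_scopes):
    """Pre-flight checks (this example's own) before handing the client to the module installer."""
    findings = []
    if any(u == "*" or u.endswith("*") for u in rep["redirectUris"]):
        findings.append("wildcard redirect URI: restrict to the module's callback URL(s)")
    names = {m["name"].lower() for m in mappers}
    if "audience resolve" in names:
        findings.append("'Audience Resolve' mapper still present: the guide removes it")
    if not any(m["protocolMapper"] == "oidc-audience-mapper" for m in mappers):
        findings.append("no Audience mapper: tokens will not carry this client in 'aud'")
    if "roles" in default_scopes:
        findings.append("'roles' client scope still attached: the guide removes it")
    return findings


def admin_token(base_url, username, password):
    """Password grant against the built-in admin-cli client (network call)."""
    data = urllib.parse.urlencode({"grant_type": "password", "client_id": "admin-cli",
                                   "username": username, "password": password}).encode()
    req = urllib.request.Request(f"{base_url}/realms/master/protocol/openid-connect/token", data=data)
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]


def create_client(base_url, realm, token, rep, mappers, default_scopes):
    """POST the client with its mappers and default scopes; returns the new client's Location."""
    body = dict(rep, protocolMappers=mappers, defaultClientScopes=default_scopes)
    req = urllib.request.Request(f"{base_url}/admin/realms/{realm}/clients",
                                 data=json.dumps(body).encode(), method="POST",
                                 headers={"Authorization": f"Bearer {token}",
                                          "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return resp.headers["Location"]


if __name__ == "__main__":
    cid = "openg2p-sr-odk-prod"
    rep = client_representation(cid, "Social Registry ODK Prod")
    mappers = [audience_mapper(cid), client_roles_mapper(cid)]
    scopes = ["profile", "email", "web-origins"]          # "roles" deliberately left out
    for finding in review_client(rep, mappers, scopes):
        print("review:", finding)
    tok = admin_token(KEYCLOAK_URL, ADMIN_USER, ADMIN_PASSWORD)
    print("created:", create_client(KEYCLOAK_URL, REALM, tok, rep, mappers, scopes))
```

After creation, read the client secret from the Credentials tab (or GET .../clients/{id}/client-secret with the same bearer token) and pass it to the module installer exactly as the guide describes.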