📔Configure Keycloak Authentication Provider for User Log in
Last updated
Last updated
Copyright © 2024 OpenG2P. This work is licensed under Creative Commons Attribution International LicenseCC-BY-4.0 unless otherwise noted.
This document provides instructions on how to configure Keycloak Authentication Provider in PBMS to help the end-users to utilise the Keycloak option to log into PBMS.
Create a Keycloak client for PBMS/Social Registry as given in Keycloak Client Creation guide.
Install the OpenID Connect Authentication module.
Note:
OAuth providers can be created from Odoo Settings (debug mode).
For configuration reference refer the OpenID Connect Authentication documentation.
Click the main menu icon and select Settings.
The Settings screen is displayed.
Select the tab Users & Companies, and click the option OAUTH Providers.
Providers screen is displayed.
Click the New button.
Providers New screen is displayed.
Enter the values in the respective fields.
For example, the fields, their descriptions, and sample values are given below.
Provider name
Enter the provider name.
For example: Keycloak for PBMS Login
Auth Flow
Select the option OpenID Connect Authorization Code Flow from the drop-down.
Token Map
You can find a default value. In the default value change groups:groups
to client_roles:groups
.
Client Authentication Method
Select the option Client Secret (Post) from the drop-down.
Client Secret
The Client Secret of the Keycloak client. To learn more, refer to Keycloak Client Creation.
Allowed
Check the box to enable the option Allowed.
Allowed in Self Service Portal
Uncheck the box.
Allowed in Service Provider Portal
Uncheck the box.
Login button label
Enter the label name for the Keycloak Login button.
For example: Login with Keycloak.
Note: This text with the button name will appear on login page.
Image Icon URL
Enter the URL of an image for the Keycloak Login button.
Authorization URL, Userinfo URL, Token Endpoint, JWKS URL
These are to be configured as available in the well-known config of Keycloak.
Note:
Keycloak OIDC well-known configuration can be found in Keycloak Admin Console -> Realm Settings -> (Bottom of Page) Endpoints -> OIDC Endpoint Configuration)
Verify Access Token Hash
Check the box to enable the option Verify Access Token.
Allow Signup
Select the option Allows user signup from the drop-down.
Signup Default Groups
Select the option User types/Portal from the drop-down.
Sync User Groups
Select the option On every Login from the drop-down.
Note:
The rest of the fields have the default values.
If you have configured the Keycloak Authentication Provider successfully, you can find the Log in Keycloak button in the PBMS log in page.
Before log in using the option Keycloak in PBMS, ensure the following:
Create client roles on Keycloak application for the client. The client roles can be
Administrator/Settings.
OpenG2P Module Access/Administrator.
OpenG2P Module Access/Registrar.
This completes the configuration of Keycloak Authentication Provider in PBMS for user log in.
Click the icon to save the changes.