...
The following objects have to be in place with Keycloak to enable authentication from JOC Cockpit:
- Realm configuration,
- Client configuration,
- User Accounts,
- Roles.
- Roles are used with the Identity Service Type KEYCLOAK. Roles are not required when using the Identity Service Type KEYCLOAK-JOC.
...
If no Keycloak Client is present then it can be added in Keycloak.
- Enabled: On
- Client Protocol: openid-connect
- Credentials/Client Authenticator: Client Id and Secret.
- Roles: New Roles can be added to the client.
Roles
An admin role must be added to the realm. The admin role must have at least the following client roles:
- realm-management.view-clients
- realm-management.view-users
When the KEYCLOAK Identity Service Type is used then the names of roles in Keycloak have to match the roles in JOC Cockpit.
When the KEYCLOAK-JOC Identity Service Type is used then roles in Keycloak are not considered. Instead roles are assigned to accounts in JOC Cockpit.
User Accounts
Admin account
- The admin user must have password credentials.
- The admin role must be assigned to the admin user.
JOC Accounts
For each account that should be able to log in to JOC Cockpit, a user must be added.
- Enabled: On
- Required User Actions: none
- Email Verified: Off
- Credentials: Password
- Credentials.Temporary: Off
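The client, role and account settings listed above can be checked against a realm definition before JOC Cockpit is pointed at it. The following is an added example, not part of the original page or of JS7: it assumes the realm is available as JSON in the layout of Keycloak's realm representation, and the realm, client, role and account names in the sample are constructed.

```python
import json

# Constructed sample in the layout of a Keycloak realm representation (JSON).
# Realm, client, role and account names are made up for this example.
SAMPLE_REALM = json.loads("""
{"realm": "joc-example",
 "clients": [{"clientId": "joc-cockpit", "enabled": true,
              "protocol": "openid-connect",
              "clientAuthenticatorType": "client-secret"}],
 "roles": {"realm": [{"name": "admin", "composites":
           {"client": {"realm-management": ["view-clients"]}}}]},
 "users": [
   {"username": "joc-admin", "enabled": true, "realmRoles": ["admin"],
    "requiredActions": [], "credentials": [{"type": "password"}]},
   {"username": "alice", "enabled": true, "realmRoles": [],
    "requiredActions": ["UPDATE_PASSWORD"],
    "credentials": [{"type": "password", "temporary": true}]}]}
""")

ADMIN_CLIENT_ROLES = {"view-clients", "view-users"}  # client roles of realm-management

def audit_realm(realm, client_id, admin_role, admin_user):
    """Return deviations from the client, role and account settings listed above."""
    issues = []
    client = next((c for c in realm.get("clients", [])
                   if c.get("clientId") == client_id), None)
    expected = {"enabled": True, "protocol": "openid-connect",
                "clientAuthenticatorType": "client-secret"}
    if client is None:
        issues.append(f"client {client_id}: not found")
    else:
        issues += [f"client {client_id}: {k} is {client.get(k)!r}, expected {v!r}"
                   for k, v in expected.items() if client.get(k) != v]
    # The admin role is a realm role that includes realm-management client roles.
    role = next((r for r in realm.get("roles", {}).get("realm", [])
                 if r.get("name") == admin_role), {})
    granted = set(role.get("composites", {}).get("client", {}).get("realm-management", []))
    issues += [f"role {admin_role}: lacks realm-management.{r}"
               for r in sorted(ADMIN_CLIENT_ROLES - granted)]
    for user in realm.get("users", []):
        name = user.get("username")
        passwords = [c for c in user.get("credentials", []) if c.get("type") == "password"]
        checks = [(not user.get("enabled"), "disabled"),
                  (not passwords, "no password credential"),
                  (any(c.get("temporary") for c in passwords), "password is temporary"),
                  (bool(user.get("requiredActions")), "required actions pending"),
                  (name == admin_user and admin_role not in user.get("realmRoles", []),
                   f"role {admin_role} not assigned")]
        issues += [f"user {name}: {msg}" for failed, msg in checks if failed]
    return issues
```

Calling `audit_realm(SAMPLE_REALM, "joc-cockpit", "admin", "joc-admin")` reports the missing `view-users` client role and the account whose password is still temporary.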
...