Using [CTE-U,MFA]
Integration with Keycloak requires creating an OIDC connection in CipherTrust Manager, after you create an OIDC template in Keycloak.
Prerequisites
Have a CipherTrust Manager set up with:
On the Keycloak platform
The following is the minimum setup for a Keycloak platform. Refer to Keycloak documentation for more information.
-
Create an admin user.
-
Login to the realm and create one or more users.
-
Create a password for the user.
-
Create an OIDC client in realm with the following settings enabled:
-
General Settings:
-
Client Type: OpenID Connect
-
Client ID: Client name
-
-
Capability Config:
- Client Authentication: On
-
Authentication flow:
- Select: Standard flow and Direct access grants
-
-
Note three OIDC parameters:
-
OIDC Provider:
https://<keycloak-name>:<keycloak-port>/realms/<realm-name>/.well-known/openid-configuration
-
Client-ID as configured for the OIDC client
-
Client-Secret as shown for the OIDC client
-
Create an OIDC connection on CipherTrust Manager
-
Log on to the CipherTrust Manager GUI as an administrator.
-
In the left pane, click Access Management
>
Connections. -
In the Connections, click Add Connection.
-
Click OIDC and then click Next.
-
Provide a name for the connection and click Next.
-
Enter values for the configuration information.
Note
Refer to your Multifactor Authentication provider profile for the values.
-
URL of OIDC provider:
-
For KeyCloak, select the URL of the OIDC provider
-
Client-ID as configured for the OIDC client
-
Client-Secret as shown for the OIDC client
-
-
Click Next and in the Add Products window, select CTE for product.
Note
Selecting CTE is correct for CTE and CTE-U.
-
Click Add Connection.