Install Safenet Agent for Keycloak

This section describes the steps to install and update the SafeNet Keycloak Agent for Keycloak server.

Install SafenetKeycloakAgentPackage

To install the the Keycloak Agent package on Keycloak server:

1. Extract the package to the installation directory of Keycloak server.

   For example, If the Keycloak is running from C:\(example, C:\keycloak-15.0.1\bin>.\standalone.bat) then the extracted Keycloak Agent package is placed under same location C:\(example,C:\610-000710-003_SafeNetKeycloakAgentPackage_Rev_A\).

2. Navigate to the extracted Keycloak Agent package, and run the Safenet_Keycloak_Agent_Setup script.

3. Enter the path of the Keycloak server directory in the command line and press Enter as displayed below:

   

4. After successful installation, the following output is displayed:

   

   It reloads the server and a new SAS provider is visible under Server Info in Admin section:

   

   

5. Once installed, the following components are required on the Keycloak Authorization server:

   • A Realm
   • An OAuth 2 client
   • Valid Client scope applied to the client
   • User Federation - so that Keycloak server knows where to look for users’ authentication

Verify SafeNetKeycloakAgent Installation

Installation of SafeNetKeycloakAgent adds three new authentication flows. Perform the following steps to verify if the SafeNetKeycloakAgent is properly installed:

1. Go to the previously created realm, Select Authentication from the left pane.

2. In the right pane, click Flows.

   

3. Check the drop-down list under Flows tab, this should list the following options:

   • Safenet OTP Flow
   • SafeNet OTP UserIdProvided Flow
   • SafeNet LDAP OTP Flow