Keycloak User Federation
The Keycloak SAS user provider allows the users of the SAS PCE to be authenticated without requiring them to be added to the Keycloak database explicitly. The sas-user-provider dynamically syncs the users from SAS PCE during the authentication request.
Perform the following steps to provide the settings from the Keycloak Admin Console UI:
- In the left pane, select the realm, and select User Federation.
  The User Federation page is displayed.
- In the right pane, select the sas-user-provider option from the drop-down list.
  The sas-user-provider page is displayed.
- Enter the required values:
  - Agent BSID Key: Copy the value as mentioned in Configuring the SafeNet Authentication Flows.
  - Token Validator URL: Copy the value as mentioned in Configuring the SafeNet Authentication Flows.
  - SAS API Base URL: http://SASPCE_server/SAS
  - OrgCode: The OrgCode is given at the end of the Token Validator URL.
  - JWT Token: On the SAS PCE server, log in to the admin console and go to System > Setup > Agent Communication with jwt > Select Enabled > Generate JWT.
- Copy the JWT value and click Apply.
- Click Save.