Create User and Login

Create user in the CZERTAINLY realm following steps described in the Creating users section of the Keycloak documentation, with these attributes:

Username: admin
Email: admin@czertainly.local
First name: CZERTAINLY
Last name: Administrator

You can use the attributes mapping to define roles for the user. For that purpose, set the user attributes according to Configuring user attributes:

groups: superadmin

This will map the groups attribute to the roles attribute in the JSON ID of the user and the resulting JSON ID will look like this:

{
  "email_verified": true,
  "roles": [
    "superadmin"
  ],
  "username": "admin",
  "sub": "5560f639-8067-415d-85ae-809b06e48d19",
  "given_name": "CZERTAINLY",
  "family_name": "Administrator",
  "email": "admin@czertainly.local",
  "id": "5560f639-8067-415d-85ae-809b06e48d19",
  "preferred_username": "admin",
  "name": "CZERTAINLY Administrator"
}

JSON ID

JSON ID will be forwarder by the API gateway to CZERTAINLY. The JSON ID contains the payload from the Userinfo Endpoint of the Keycloak OpenID Connect provider. For more information, see JSON ID in the access control section.

Automatic registration of user and roles

By default the users and roles that do not exists are rejected. However, in some cases, it is desirable to automatically register the user and roles. This is required for example when single sign-on (SSO) and user federation is allowed. The behavior of the user and roles registration is controlled by the values createUnknownUsers and createUnknownRoles in the Auth service. If you want to enable automatic registration of users and roles, set the following values when installing or upgrading Helm chart:

authService:
  createUnknownUsers: "true"
  createUnknownRoles: "true"

You can login to CZERTAINLY with configured user:

Open the CZERTAINLY login page: https://<CZERTAINLY_DOMAIN>/login
Login with username admin

Create User and Login

Login​

Login