Overview
This integration guide describes how to integrate platform with Keycloak as an authentication server.
CZERTAINLY access control decouples the identification, authentication, and authorization process. It provides flexible configuration of Externalized Authentication.
To get more information about the identification, authentication, and authorization process, refer to Access Control.
Keycloak
Keycloak is an open source identity and access management solution. It provides a single place to manage all your users and applications. It can be used to secure applications and services with little to no code. It also support single sign-on and other advanced features like multi-factor authentication or risk-based authentication.
Enterprise grade authentication can be achieved by integrating Keycloak with CZERTAINLY.
This integration guide assumes that you have already installed and configured Keycloak. For more information, refer to Keycloak documentation.
Integration
The following steps should be done to integrate Keycloak with CZERTAINLY:
| # | Reference | Short description |
|---|---|---|
| 1 | Create Realm and Client | Create and configure new Keycloak Realm and Client |
| 2 | Configure OAuth2 Provider | Add Keycloak provider to CZERTAINLY OAuth2 provider settings |
| 3 | Create User and Login | Create new Keycloak User for CZERTAINLY and login |
| 4 | (Optional) Add CZERTAINLY Theme | Add CZERTAINLY custom theme to Keycloak and realm |
Identity providers
For the first experiments with Keycloak, you would probably just create local users.
For production, you can configure Identity Providers together with appropriate attribute mapping to allow users to log in to CZERTAINLY with their existing accounts from your organizational IdP. Keycloak supports multiple identity providers. For more information, refer to Identity Providers in the Keycloak documentation.
You can also use MS Active Directory Federation Services integration guide for more information on how to federate AD users with Keycloak.