
Identity Provider (Keycloak)

The OpenTalk Controller uses Keycloak, an OpenID Connect-compatible identity and access management software, for single sign-on.

Configuring Keycloak for OpenTalk Controller

note

The Keycloak user interface has changed in the past, so it is safe to assume that it will continue to change. Instead of screenshots, we describe what needs to be done and link to the Keycloak documentation where needed. These links reference a specific version of Keycloak. If those settings are outdated, please refer to the Keycloak documentation archive and find the corresponding section there.

This manual describes the configuration for the OpenTalk Controller only; other OpenTalk components might need separate configuration.

  1. Create a realm for usage with OpenTalk if it hasn't been created yet.
    • The Realm ID will be used in the keycloak.realm configuration field.
  2. Create an OpenID Connect client.
    • The Client ID will be used in the keycloak.client_id configuration field.
    • Enable Client authentication and Service account roles in the Capability Config.
  3. Create Confidential client credentials.
    • Use the Client Authenticator Client Id and Secret.
    • The Client secret will be used in the keycloak.client_secret configuration field.
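
To confirm that the three steps above produced a working confidential client, you can request a token with the client-credentials grant and inspect the result. The following is an added example, not part of the OpenTalk documentation or code: the function names are hypothetical, the token endpoint path assumes a Keycloak that serves realms directly under its base URL (no legacy /auth prefix), and the JWT payload is decoded without signature verification, for diagnostics only.

```python
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

def build_token_request(base_url, realm, client_id, client_secret):
    """Client-credentials POST against the realm's token endpoint."""
    url = (f"{base_url.rstrip('/')}/realms/"
           f"{urllib.parse.quote(realm, safe='')}/protocol/openid-connect/token")
    form = {"grant_type": "client_credentials",
            "client_id": client_id, "client_secret": client_secret}
    return urllib.request.Request(url, data=urllib.parse.urlencode(form).encode())

def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def check_token_response(status, body, realm, client_id):
    """Return a list of problems; an empty list means the client setup works."""
    try:
        data = json.loads(body)
    except ValueError:
        data = None
    if not isinstance(data, dict):
        return [f"HTTP {status}: response is not JSON"]
    if status != 200 or "access_token" not in data:
        # Standard OAuth 2.0 error fields (RFC 6749, section 5.2).
        return [f"HTTP {status}: {data.get('error')}: {data.get('error_description')}"]
    try:
        claims = jwt_claims(data["access_token"])
    except (IndexError, ValueError):
        return ["access_token is not a decodable JWT"]
    problems = []
    if not str(claims.get("iss", "")).endswith(f"/realms/{realm}"):
        problems.append(f"token issued by {claims.get('iss')!r}, not realm {realm!r}")
    if claims.get("azp") != client_id:
        problems.append(f"token azp is {claims.get('azp')!r}, expected {client_id!r}")
    return problems

def verify_client(base_url, realm, client_id, client_secret):
    """Send the request to a live Keycloak and check the answer."""
    req = build_token_request(base_url, realm, client_id, client_secret)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return check_token_response(resp.status, resp.read(), realm, client_id)
    except urllib.error.HTTPError as err:
        return check_token_response(err.code, err.read(), realm, client_id)
```

Call verify_client with your Keycloak base URL and the same values you put into keycloak.realm, keycloak.client_id and keycloak.client_secret; an error such as unauthorized_client in the returned list points back at step 2 or 3.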

Controller configuration

In the past, the OIDC and user search section in the configuration file was called keycloak. Starting with controller version 0.21.0, this section is deprecated, and support for it will be removed in the future. Use the separate oidc and user_search sections instead.