Identity Provider (Keycloak)
The OpenTalk Controller uses Keycloak, an OpenID Connect compatible identity and access management software, for single sign-on.
Configuring Keycloak for OpenTalk Controller
The Keycloak user interface has changed in the past, so it is safe to assume that it will continue to change. Instead of screenshots, we describe what needs to be done and link to the Keycloak documentation where needed. These links reference a specific version of Keycloak. If those settings are outdated, please refer to the Keycloak documentation archive and find the corresponding section there.
This manual describes the configuration for the OpenTalk Controller only; other OpenTalk components might need separate configuration.
- Create a realm for usage with OpenTalk if it hasn't been created yet.
  - The Realm ID will be used in the keycloak.realm configuration field.
- Create an OpenID Connect client.
  - The Client ID will be used in the keycloak.client_id configuration field.
  - Enable Client authentication and Service account roles in the Capability Config.
- Create Confidential client credentials.
  - Use the Client Authenticator Client Id and Secret.
  - The Client secret will be used in the keycloak.client_secret configuration field.
Controller configuration
In the past, the OIDC and user search section in the configuration file was called keycloak.
Starting with controller version 0.21.0, this section is deprecated and support will be removed in the future.
Use the separate oidc and user_search sections instead.