Zum Hauptinhalt springen

Identity Provider (KeyCloak), deprecated configuration

This page describes how OIDC using Keycloak was configured in the controller. Generic information for Keycloak and its configuration can be found in the Keycloak section.

Deprecated Keycloak configuration

warning

In the past, the OIDC and user search section in the configuration file was called keycloak. Support will be removed in the future, use the separate oidc and user_search sections instead.

The section in the configuration file was called keycloak.

FieldTypeRequiredDefault valueDescription
base_urlstringyes-The URL where the Keycloak server can be reached
realmstringyes-The name of the default Keycloak realm, read more on Keycloak
client_idstringyes-The unique identifier for the OpenTalk client
client_secretstringyes-The secret corresponding to the specified client ID
external_id_user_attribute_namestringnoSee belowThe attribute by which Keycloak and OpenTalk users are assigned to each other. See below for more details.

For configuring user search, see the User search section.

The external_id_user_attribute_name setting is used to configure how Keycloak users resulting from a search and registered Opentalk users are assigned to each other. The following assignment strategies are available:

  • by Keycloak id (default): This is used if external_id_user_attribute_name is not set. Keycloak users are assigned to Opentalk users using Keycloak's id field.
  • by user attribute: Keycloak must provide a user attribute holding the user IDs. The name of this user attribute must be set here in external_id_user_attribute_name.

Examples

Deprecated default Setup

[keycloak]
base_url = "http://localhost:8080/auth"
realm = "MyRealm"
client_id = "Controller"
client_secret = "c64c5854-3f02-4728-a617-bbe98ec42b8f"