Keycloak

Using the con terra Technologies Identity Service, map.apps can delegate the authentication of users to Keycloak. This means that a user can log in to map.apps with an account managed by Keycloak.

Using Keycloak creates the following possibilities:

  • Assignment of roles for the use of map.apps Manager

  • Protection of apps

  • Protection of tools

Using Keycloak has the following limitations:

  • Apps exported with the app export for native apps do not support authentication. Apps with anonymous access are still supported.

Create connection between map.apps and Keycloak

Connecting map.apps with Keycloak is done in two steps.

Step 1: Install and configure the Identity Service

In this step you will install and configure the Identity Service as a separate web application. Follow these steps of the Identity Service documentation:

  1. Install the Identity Service.

  2. Connect the Identity Service to Keycloak.

  3. Configure map.apps as a trusted service at the Identity Service.

  4. Configure services, which require access tokens, as trusted services at the Identity Service.

Step 2: Configure map.apps

To enable authentication delegation, add or replace the following parameters in the global configuration:

Configuration example
security.mode=IDENTITY
security.login.base=https://identityservice.example.com/identity

security.mode

The IDENTITY value specifies that authentication should be delegated via the Identity Service.

security.login.base

Base URL of the Identity Service.

Allow App Overview only for logged-in users

To allow only people with a valid login to access the map.apps app overview, set the following configuration:

# this is used to specify the protected resource paths (which require authentication before use)
# add '/,/*.html' to protect the index.html
security.application.protectedResources=/,/*.html
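
The following check is an added example, not part of the map.apps or Identity Service documentation. It audits a global configuration for the three parameters described above, assuming simple key=value lines, that the app overview is meant to be login-only, and that the Identity Service should be reached via https; the function names and sample input are constructed for illustration.

```python
# Added example: audit the map.apps security settings described on this page.
from urllib.parse import urlsplit

# Constructed sample input; the host name is the placeholder used on this page.
SAMPLE = """\
# global configuration (constructed sample)
security.mode=IDENTITY
security.login.base=http://identityservice.example.com/identity
security.application.protectedResources=/
"""

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return a list of findings; an empty list means all checks passed."""
    findings = []
    if props.get("security.mode") != "IDENTITY":
        findings.append("security.mode is not IDENTITY: login is not delegated")
    base = urlsplit(props.get("security.login.base", ""))
    if not base.netloc:
        findings.append("security.login.base is missing or not an absolute URL")
    elif base.scheme != "https":
        # Assumption of this example: the Identity Service is reached via TLS.
        findings.append("security.login.base does not use https")
    protected = {p.strip() for p in
                 props.get("security.application.protectedResources", "").split(",")}
    # The page's own comment names '/,/*.html' as the paths that protect index.html.
    missing = [p for p in ("/", "/*.html") if p not in protected]
    if missing:
        findings.append("app overview not login-only, missing: " + ", ".join(missing))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_properties(SAMPLE)):
        print("FINDING:", finding)
```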

Configure your apps

To control access to an app, select the authorized roles in the settings in map.apps Manager.

If you want to display user profile information in an app, add the bundle authentication to that app. This will also provide an option to log out.