Keycloak

Using the con terra Technologies Identity Service, smart.finder can delegate the authentication of people to Keycloak . This means that they can log in to smart.finder using their Keycloak account.

The following possibilities arise through a connection with keycloak:

  • Assigning roles for using the Job Manager.

  • Assignment of roles for the use of the Solr Admin Client.

  • Assignment of roles for the user-sensitive restriction of the search index.

Establish connection between smart.finder and Keycloak

The connection of smart.finder with Keycloak is done in two steps.

Step 1: Install and configure Identity Service

In this step, you install and configure the Identity Service as a separate web application. To do this, follow these steps from the Identity Service documentation:

  1. Install the Identity Service.

  2. Connect the Identity Service to Keycloak.

  3. Configure smart.finder as a trusted service in the Identity Service.

  4. Configure services to be requested with an access token as trusted-services in the Identity Service.

Step 2: Configure smart.finder.

To enable login delegation, set the following parameters in the global configuration:

Sample configuration
security.mode=IDENTITY
security.login.base=https://www.example.com/identity
security.mode

The IDENTITY value specifies that authentication is to be delegated via the Identity Service.

security.login.base

Base URL of the Identity Service.