Keycloak

Using the con terra Technologies Identity Service, smart.finder can delegate the authentication of people to Keycloak . This means that they can log in to smart.finder using their Keycloak account.

The following possibilities arise through a connection with keycloak:

  • Assigning roles for using the Job Manager.

  • Assignment of roles for the use of the Solr Admin Client.

  • Assignment of roles for the user-sensitive restriction of the search index.

Establish connection between smart.finder and Keycloak

The connection of smart.finder with Keycloak is done in two steps.

Step 1: Install and configure Identity Service

In this step, you install and configure the Identity Service as a separate web application. To do this, follow these steps from the Identity Service documentation:

  1. Install the Identity Service.

  2. Connect the Identity Service to Keycloak.

  3. If smart.finder including map.apps and Identity Service are not made available via the same hostname, adapt the configuration according to the documentation for operating different hostnames under one domain .

  4. Configure services to be requested with an access token as trusted-services in the Identity Service.

Step 2: Configure smart.finder.

To enable login delegation, set the following parameters in the global configuration:

Sample configuration
security.mode=IDENTITY
security.login.base=https://www.example.com/identity
security.mode

The IDENTITY value specifies that authentication is to be delegated via the Identity Service.

security.login.base

Base URL of the Identity Service.