User Configuration

This configuration is done in the Keycloak admin console.

Prerequisites

  • user with admin rights for Keycloak

Realm model

A Keycloak realm manages a set of users, credentials, and roles. A user always belongs to one realm, so realms are isolated from one another. We differentiate between two kinds of realms:

  • One is needed for the solution center and Solution Hub component
  • One is needed for a Solution Envoy

So if you have three Solution Envoys in place, you could have configured and use up to four Keycloak realms. It is also possible to use only one realm for the solution center and Solution Hub component and for every Solution Envoy. That would make sense, for example, if all users should have access to all components and all Solution Envoys.

Create a new user

  • Open the Keycloak admin console, e.g. https://identity.apps.openshift-01.example.cloud
  • Choose a realm
  • Open Users -> Add user
  • Required input parameters are
    • Username
    • Email
    • First Name
    • Last Name
  • Save the new user

Note: The email address is necessary for the GitLab/Keycloak integration to work.

Set initial password for the user

  • Open the created user
  • Go to Credentials
  • Enter an initial New Password and confirm it
  • Activate the Temporary flag so that the user has to change the password at the first login
  • Press Reset Password

Assign roles to the user

  • Go to Role Mappings
  • Select the needed Available Roles
  • Press Add selected > to assign the roles (see User Role model)
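
The three procedures above (create user, set a temporary initial password, assign roles) can also be scripted with Keycloak's kcadm.sh admin CLI. The following is an added example, not part of the original documentation; it assumes kcadm.sh is on the PATH and already logged in via `kcadm.sh config credentials`, and the helper names validate_user and provision_user are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: the console steps above, scripted with Keycloak's kcadm.sh CLI.
# Assumes an admin session already exists (kcadm.sh config credentials ...).
# validate_user and provision_user are hypothetical helper names.
KCADM="${KCADM:-kcadm.sh}"

# Succeeds only if all four fields the console requires are non-empty
# and the email at least has the shape local@domain.
validate_user() {  # username email first_name last_name
  [ "$#" -eq 4 ] || return 1
  for field in "$@"; do
    [ -n "$field" ] || return 1
  done
  case "$2" in
    ?*@?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Creates the user, sets a random temporary password, assigns realm roles.
# Prints the initial password on stdout so it can be handed to the user.
provision_user() {  # realm username email first_name last_name [role ...]
  [ "$#" -ge 5 ] || { echo "usage: provision_user realm user email first last [role ...]" >&2; return 2; }
  local realm="$1" user="$2" email="$3" first="$4" last="$5" pw role
  shift 5
  validate_user "$user" "$email" "$first" "$last" || {
    echo "username, email, first name and last name are all required" >&2
    return 2
  }
  # 128 bits from the kernel CSPRNG, hex encoded (32 characters).
  pw="$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
  "$KCADM" create users -r "$realm" -s "username=$user" -s "email=$email" \
    -s "firstName=$first" -s "lastName=$last" -s enabled=true >&2 || return 3
  # --temporary is the CLI counterpart of the Temporary flag: the user must
  # change the password at first login. The value is visible in the process
  # list while kcadm.sh runs.
  "$KCADM" set-password -r "$realm" --username "$user" \
    --new-password "$pw" --temporary >&2 || return 3
  for role in "$@"; do
    "$KCADM" add-roles -r "$realm" --uusername "$user" --rolename "$role" >&2 || return 3
  done
  printf '%s\n' "$pw"
}
```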