User Configuration OIDC

This configuration is done in the Keycloak admin console.

Prerequisites

  • A user with admin rights for Keycloak

Realm Model

A Keycloak realm manages a set of users, credentials, and roles. A user always belongs to a realm, so realms are isolated from one another. We differentiate between two kinds of realms:

  • One is needed for the Solution Designer and Solution Hub components
  • One is needed for each k5-project

So if you have three k5-projects in place, you could configure and use up to four Keycloak realms. It's also possible to use only one realm for the Solution Designer and Solution Hub components and one for every k5-project. That would be useful, for example, if all users should have access to all components and all running solutions within the k5-projects.

Create New Users

  • Open the Keycloak admin console, e.g. https://identity.apps.openshift-01.example.cloud
  • Choose a realm
  • Open Users -> Add user
  • Required input parameters are
    • Username
    • Email
    • First Name
    • Last Name
  • Save the new user

Note: The email address is necessary for the GitLab/Keycloak integration to work.

Set User's Initial Password

  • Open the created user
  • Go to Credentials
  • Create initial New Password and confirm it
  • Activate the Temporary flag, so that the user has to change the password at first login
  • Press Reset Password

Assign Roles to Users

  • Go to Role Mappings
  • Select needed Available Roles
  • Press Add selected > to assign the roles (see User Role Model)
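
The same three steps (create the user, set a temporary initial password, assign roles) can be scripted against the Keycloak Admin REST API. The following is an added example, not part of the original documentation or the product's own tooling. It assumes a base URL without the legacy /auth prefix, an admin access token obtained separately, and hypothetical realm and role names.

```python
import json
import secrets
import urllib.parse
import urllib.request

def user_payload(username, email, first_name, last_name):
    """Required fields from the page plus a random, temporary password."""
    user = {"username": username, "email": email,
            "firstName": first_name, "lastName": last_name}
    missing = [k for k, v in user.items() if not v]
    if missing:  # the email is also needed for the GitLab/Keycloak integration
        raise ValueError("missing required fields: " + ", ".join(missing))
    password = secrets.token_urlsafe(18)  # hand over out of band, never log it
    user.update(enabled=True, credentials=[
        {"type": "password", "value": password, "temporary": True}])
    return user, password

def provision_user(http, base, realm, user, roles):
    """Create the user, then map realm roles. Returns the new user's id.
    http(method, url, body) -> (status, headers, json) is injected (assumption)."""
    admin = f"{base}/admin/realms/{urllib.parse.quote(realm)}"
    status, headers, _ = http("POST", f"{admin}/users", user)
    if status != 201:
        raise RuntimeError(f"user creation failed with HTTP {status}")
    user_id = headers["Location"].rstrip("/").rsplit("/", 1)[-1]
    reps = []  # role mappings take role representations, so look each one up
    for name in roles:
        role_url = f"{admin}/roles/{urllib.parse.quote(name, safe='')}"
        status, _, rep = http("GET", role_url, None)
        if status != 200:
            raise RuntimeError(f"role {name!r} not found in realm {realm!r}")
        reps.append({"id": rep["id"], "name": rep["name"]})
    if reps:
        status, _, _ = http("POST", f"{admin}/users/{user_id}/role-mappings/realm", reps)
        if status != 204:
            raise RuntimeError(f"role mapping failed with HTTP {status}")
    return user_id

def bearer_http(token):
    """Transport for a live server; token is an admin access token (assumed given)."""
    def http(method, url, body):
        data = None if body is None else json.dumps(body).encode()
        req = urllib.request.Request(url, data=data, method=method, headers={
            "Authorization": f"Bearer {token}", "Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:  # raises HTTPError on 4xx/5xx
            raw = resp.read()
            return resp.status, dict(resp.headers), json.loads(raw) if raw else None
    return http
```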