Keycloak

The Keycloak Authentication Provider enables the Cloud CMS Application Server to authenticate, validate tokens and load user profile information against a Keycloak Server.

Keycloak API Keys

To use this provider, you will first need to set up a Developers Account within Facebook and create an application therein. Doing so will give you a set of API tokens:

  • appId - the Facebook application ID token
  • appSecret - the Facebook application Secret token

Configuration

Here are all of the properties that may be configured:

"auth": {
    "enabled": true,
    "providers": {
        "keycloak": {
            "enabled": true,
            "clientID": "clientId",
            "clientSecret": "clientSecret",
            "realm": "master",
            "auth_server_url": "https://keycloak.example.com/auth",
            "successRedirect": "",
            "failureRedirect": "",
            "autoRegister": true,
            "registrationRedirect": "",
            "passTicket": true,
            "passToken": true
        }
    }
}

Where these properties are specific to Keycloak:

  • clientID - the Keycloak client ID
  • clientSecret - the Keycloak client secret
  • realm - the name of the Keycloak realm against which authentication should occur
  • auth_server_url - the URL to the Keycloak server

And the following properties are common to all authentication providers:

  • enabled - whether the authentication provider is enabled
  • successRedirect - the URL to redirect to if the end user successfully authenticates
  • failureRedirect - the URL to redirect to if the end user fails to authenticate
  • autoRegister - whether to automatically create a Cloud CMS user (if none found) upon authentication
  • registrationRedirect - the URL to redirect to for user registration if a Cloud CMS user is not found
  • passTicket - whether to pass the authentication ticket back as the ticket parameter in the successRedirect
  • passToken - whether to pass the authentication access token back as the token parameter in the successRedirect
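
As an added example (not Cloud CMS code), the following JavaScript lints the keycloak provider block documented above and reports the settings worth reviewing before deployment, run here against the page's sample configuration and a tightened variant. The function name, the finding labels and the values in the tightened variant are assumptions made for this example.

```javascript
// Added example, not Cloud CMS code. auditKeycloakProvider and its finding
// labels are hypothetical names chosen for this illustration.
function auditKeycloakProvider(auth) {
    const findings = [];
    const kc = auth && auth.providers && auth.providers.keycloak;
    if (!auth || !auth.enabled || !kc || !kc.enabled) {
        return findings; // provider not active, nothing to check
    }
    // Token exchange happens against this URL, so require a valid HTTPS URL.
    let url = null;
    try { url = new URL(kc.auth_server_url); } catch (e) { /* reported below */ }
    if (!url) findings.push("auth_server_url:invalid");
    else if (url.protocol !== "https:") findings.push("auth_server_url:not-https");
    // The value shown in the documentation is a placeholder, not a secret.
    if (!kc.clientSecret || kc.clientSecret === "clientSecret") {
        findings.push("clientSecret:placeholder-or-empty");
    }
    // "master" is Keycloak's administrative realm.
    if (kc.realm === "master") findings.push("realm:master");
    // These flags place a credential in the successRedirect query string,
    // where browser history, access logs and Referer headers can record it.
    for (const key of ["passTicket", "passToken"]) {
        if (kc[key] === true) findings.push(key + ":credential-in-url");
    }
    // Any account the realm authenticates gets a Cloud CMS user created.
    if (kc.autoRegister === true) findings.push("autoRegister:review");
    return findings;
}

// Constructed input 1: the sample configuration from this page.
const pageSample = { enabled: true, providers: { keycloak: {
    enabled: true, clientID: "clientId", clientSecret: "clientSecret",
    realm: "master", auth_server_url: "https://keycloak.example.com/auth",
    successRedirect: "", failureRedirect: "", autoRegister: true,
    registrationRedirect: "", passTicket: true, passToken: true
} } };

// Constructed input 2: a tightened variant (realm and secret are made up).
const tightened = { enabled: true, providers: { keycloak: {
    ...pageSample.providers.keycloak, clientSecret: "constructed-secret-value",
    realm: "cms-users", autoRegister: false, passTicket: false, passToken: false
} } };

console.log(auditKeycloakProvider(pageSample));
console.log(auditKeycloakProvider(tightened)); // no findings
```

The findings are review prompts rather than hard failures: passTicket, passToken and autoRegister are legitimate options, but each one widens what a redirect URL or a realm login can expose.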