Keycloak
Waldur supports integration with Keycloak identity manager.
Below is a guide to configure Keycloak OpenID Connect client and Waldur intergration.
Configuring Keycloak
Instructions below are aimed to provide a basic configuration of Keycloak, please refer to Keycloak documentation for full details.
- Login to admin interface of Keycloak.
- Create a new realm (or use existing)
- Open a menu with a list of clients.
- Add a new client for Waldur.
- Change client's access type to "confidential".
- Change client's Valid redirect URIs to "*".
- You can get secret code for the client configuration
- You can find the settings required for configuration of Waldur under the following path on your Keycloak deployment (change
test-waldur
to the realm that you are using):/auth/realms/test-waldur/.well-known/openid-configuration
Configuring Waldur
-
Add Keycloak related configuration to Mastermind's
override.py
:1 2 3 4 5 6
WALDUR_AUTH_SOCIAL.update({'KEYCLOAK_AUTH_URL': 'https://KEYCLOAK_ADDRESS:8080/auth/realms/test-waldur/.well-known/openid-configuration', 'KEYCLOAK_CLIENT_ID': 'CLIENT_ID', 'KEYCLOAK_SECRET': 'SECRET', 'KEYCLOAK_TOKEN_URL': 'https://KEYCLOAK_ADDRESS:8080/auth/realms/test-waldur/protocol/openid-connect/token', 'KEYCLOAK_USERINFO_URL': 'https://KEYCLOAK_ADDRESS:8080/auth/realms/test-waldur/protocol/openid-connect/userinfo' })
-
Make sure
SOCIAL_SIGNUP
is added to the list of available authentication methods:1
WALDUR_CORE['AUTHENTICATION_METHODS'] = ["LOCAL_SIGNIN", "SOCIAL_SIGNUP"]
Full Keycloak related configuration settings are available at Mastermind configuration file reference