Keycloak is an authentication and authorization server under an open-source license. Thulium enables integration with this solution to control access to the Thulium system.
Scope of integration
- Users can log into the Thulium system using the OpenID Connect mechanism provided by Keycloak,
- The system uses OpenID through a public application registered by Thulium,
- Identification of Users in the Thulium system is based on the "User name" field in Keycloak. This field is the login of a given User, so it cannot be empty. The value of this field must be unique for each User.
Step by step
- Integration configuration
a) Enable the Keycloak authentication integration in the section Administration → Advanced → Integrations, from the Authentication group:
When clicked, a screen with parameters to be completed will appear:
where:
- Client ID - enter the correct client ID from which OpenID Connect login is allowed,
- Client secret - password for a given client ID,
- Keycloak version - selection of the Keycloak version you have (important because of the API differences between versions 16 and 17).
To obtain the required endpoint parameters (authorizationEndpoint, tokenEndpoint, userinfoEndpoint, and jwksUri), the System Administrator should either enter them manually or use the so-called Discovery Endpoint, which contains the configuration of all necessary fields. In the case of the latter, click .
- Automatic user creation - checking this box will allow the system to automatically create accounts for new Users who have properly authenticated with OpenID Connect, even if their accounts have not yet been created in the system.
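The Discovery Endpoint step above, as an added example (not Thulium's or Keycloak's own code): it builds the discovery URL for a given Keycloak version, maps the standard OpenID Connect discovery keys onto the four form fields, and rejects a document whose issuer or endpoint hosts do not match before the values are entered. The hostname, realm name and sample document are constructed, and the rule that every endpoint sits on the issuer's host over HTTPS is an assumption about the deployment.

```python
import json
from urllib.parse import urlsplit

# Thulium form field -> key in the OpenID Connect discovery document
FIELD_MAP = {
    "authorizationEndpoint": "authorization_endpoint",
    "tokenEndpoint": "token_endpoint",
    "userinfoEndpoint": "userinfo_endpoint",
    "jwksUri": "jwks_uri",
}

# Constructed sample: issuer and discovery document for a Keycloak 17+ realm "corp"
ISSUER = "https://keycloak.example.test/realms/corp"
OIDC = ISSUER + "/protocol/openid-connect"
SAMPLE_DISCOVERY = json.dumps({
    "issuer": ISSUER,
    "authorization_endpoint": OIDC + "/auth",
    "token_endpoint": OIDC + "/token",
    "userinfo_endpoint": OIDC + "/userinfo",
    "jwks_uri": OIDC + "/certs",
})

def discovery_url(base_url, realm, keycloak_major):
    """Keycloak <= 16 serves realms under /auth by default; 17+ dropped the prefix."""
    prefix = "/auth" if keycloak_major <= 16 else ""
    return f"{base_url.rstrip('/')}{prefix}/realms/{realm}/.well-known/openid-configuration"

def extract_endpoints(discovery_json, expected_issuer):
    """Return the four endpoint values, rejecting a document that fails the checks."""
    doc = json.loads(discovery_json)
    if doc.get("issuer") != expected_issuer:
        raise ValueError(f"issuer mismatch: {doc.get('issuer')!r}")
    issuer_host = urlsplit(expected_issuer).netloc
    endpoints = {}
    for field, key in FIELD_MAP.items():
        url = doc.get(key)
        if not url:
            raise ValueError(f"discovery document lacks {key}")
        parts = urlsplit(url)
        # Assumption: every endpoint is served over HTTPS from the issuer's host
        if parts.scheme != "https" or parts.netloc != issuer_host:
            raise ValueError(f"{key} is not an HTTPS URL on {issuer_host}: {url}")
        endpoints[field] = url
    return endpoints

if __name__ == "__main__":
    print(discovery_url("https://keycloak.example.test", "corp", 17))
    print(extract_endpoints(SAMPLE_DISCOVERY, ISSUER))
```

A server configured with a custom context path will not follow the default prefix rule, so compare the built URL with what the Keycloak admin console shows for the realm.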