Keycloak Setup
Keycloak console is available at https://<host-name>/auth. The Ops team will provide the username and password secrets. If an external hostname is not available, port-forward to port 8080 of the keycloak pod and use the address http://localhost:8080/auth instead.
Import Realm
Open the Keycloak console
Near the top-left corner in the realm drop-down menu, select Add Realm
Select the ifix-realm.json file
After the realm gets created, select the ifix realm from the drop-down near the top-left corner
Creating Clients
Remember to select the ifix realm from the Keycloak console before proceeding
From the Clients section of Keycloak Admin Console, create a client
Provide a unique username for the client
Go to the client's settings
Change Access Type to confidential
Turn on Service Account Enabled
In the Valid Redirect URIs field, provide the root URL of the iFIX instance (not important for our purposes, but it must be set because the field is mandatory)
Save these changes
In the Service Account Roles tab, assign the role "fiscal-event-producer"
In the Mappers tab, create a new mapper to associate the client with a tenantId
Select Mapper Type to be "Hardcoded claim"
In Token Claim Name, write "tenantId"
In Claim value, write the tenantId under which the client is being created (for example, "pb")
Set Name same as Token Claim Name, i.e. "tenantId"
Select Claim Json Type to be "String"
Now you can get the credentials from the Credentials tab and configure them in the client's system.
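Once the client is configured, an access token issued to it should carry the hardcoded tenantId claim and the fiscal-event-producer role. The following check is an added example, not part of the original page or the iFIX code base. It assumes the role appears under Keycloak's standard realm_access or resource_access claims, and the sample token is constructed so the check runs offline.

```python
import base64
import json

REQUIRED_ROLE = "fiscal-event-producer"  # role assigned in Service Account Roles


def decode_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(padded))


def token_roles(claims: dict) -> set:
    """Collect realm roles and client roles from Keycloak's standard claims."""
    roles = set(claims.get("realm_access", {}).get("roles", []))
    for client in claims.get("resource_access", {}).values():
        roles.update(client.get("roles", []))
    return roles


def check_client_token(claims: dict, expected_tenant: str) -> list:
    """Return a list of setup problems; an empty list means the token looks right."""
    problems = []
    tenant = claims.get("tenantId")
    if tenant is None:
        problems.append("tenantId claim missing: check the mapper")
    elif not isinstance(tenant, str):
        problems.append("tenantId is not a string: check Claim JSON Type")
    elif tenant != expected_tenant:
        problems.append(f"tenantId is {tenant!r}, expected {expected_tenant!r}")
    if REQUIRED_ROLE not in token_roles(claims):
        problems.append(f"role {REQUIRED_ROLE!r} missing from service account")
    return problems


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned token so the example runs offline."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed-signature"


if __name__ == "__main__":
    good = {"tenantId": "pb", "realm_access": {"roles": [REQUIRED_ROLE]}}
    print(check_client_token(decode_claims(make_sample_token(good)), "pb"))
```

This only inspects claims to confirm the setup; a service that consumes these tokens must still verify the signature against the realm's keys.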