Description
Data Hub can either utilise KeyCloak as its default Identity and Access Management interface or as a middle man for another IAM product.
The following KeyCloak client configuration is the minimum required for KeyCloak 20.0.2 to function with Data Hub:
Settings tab
General Settings
- Client ID = DataHub (can be called something else)
- Name = Data Hub (can be called something else)
Access settings
- Valid redirect URIs = Data Hubs login URL
Capability config
- Client authentication = disabled (only needs to be enable to generate secret)
- Authentication flow
- Standard flow = enabled
- Direct access grants = enabled
Logout settings
- Front channel logout = enabled
- Backchannel logout session required = enabled
Credentials tab
- Client Authenticator = Client Id and Secret
- Client secret = regenerate, save, copy, paste into appSettings.json file
Advanced tab
Open ID Connect Compatibility Modes
- Exclude Session State From Authentication Response = enabled
For KeyCloak 24.0.3, the following additional option is required:
Advanced tab
Open ID Connect Compatibility Modes
- Exclude Issuer From Authentication Response = enabled
Comments