RVY200916: How to configure KeyCloak for Data Hub

Description

Data Hub can either utilise KeyCloak as its default Identity and Access Management interface or as a middle man for another IAM product. 

The following KeyCloak client configuration is the minimum required for KeyCloak 20.0.2 to function with Data Hub: 

Settings tab
General Settings

  • Client ID = DataHub (can be called something else)
  • Name = Data Hub (can be called something else)

Access settings

  • Valid redirect URIs = Data Hub's login URL

Capability config

  • Client authentication = disabled (only needs to be enabled to generate the secret)
  • Authentication flow
    • Standard flow = enabled
    • Direct access grants = enabled

Logout settings

  • Front channel logout = enabled
  • Backchannel logout session required = enabled

 
Credentials tab

  • Client Authenticator = Client Id and Secret
  • Client secret = regenerate, save, copy, paste into appSettings.json file

 
Advanced tab
Open ID Connect Compatibility Modes

  • Exclude Session State From Authentication Response = enabled

 

For KeyCloak 24.0.3, the following additional option is required: 

 

Advanced tab
Open ID Connect Compatibility Modes

  • Exclude Issuer From Authentication Response = enabled
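
To confirm that a client matches the settings listed above, its exported JSON can be checked with a short script. This is an added example, not part of the original article or of Data Hub. The field and attribute names are those of KeyCloak's client representation; the login URL, the keycloak_24 switch and the sample export are constructed for illustration.

```python
import json

# KeyCloak client-representation fields for the settings listed in this article.
REQUIRED_FIELDS = {
    "publicClient": True,                        # Client authentication = disabled
    "standardFlowEnabled": True,                 # Standard flow = enabled
    "directAccessGrantsEnabled": True,           # Direct access grants = enabled
    "frontchannelLogout": True,                  # Front channel logout = enabled
    "clientAuthenticatorType": "client-secret",  # Client Id and Secret
}
# Attribute values are strings ("true"/"false") in the JSON export.
REQUIRED_ATTRS = {
    "backchannel.logout.session.required": "true",
    "exclude.session.state.from.auth.response": "true",
}
# Additional option the article requires for KeyCloak 24.0.3.
ATTRS_24 = {"exclude.issuer.from.auth.response": "true"}

def check_client(client, login_url, keycloak_24=False):
    """Return a list of deviations from the documented Data Hub settings."""
    problems = []
    for key, want in REQUIRED_FIELDS.items():
        if client.get(key) != want:
            problems.append(f"{key}: expected {want!r}, found {client.get(key)!r}")
    attrs = client.get("attributes") or {}
    wanted = {**REQUIRED_ATTRS, **(ATTRS_24 if keycloak_24 else {})}
    for key, want in wanted.items():
        if str(attrs.get(key, "")).lower() != want:
            problems.append(f"attributes[{key}]: expected {want!r}, found {attrs.get(key)!r}")
    uris = client.get("redirectUris") or []
    if login_url not in uris:
        problems.append(f"redirectUris: {login_url!r} missing")
    # The article lists only the login URL, so anything else is reported.
    problems += [f"redirectUris: unexpected entry {u!r}" for u in uris if u != login_url]
    return problems

# Constructed sample export: issuer option unset, extra wildcard redirect URI.
SAMPLE = json.loads("""{
  "clientId": "DataHub", "name": "Data Hub", "publicClient": true,
  "standardFlowEnabled": true, "directAccessGrantsEnabled": true,
  "frontchannelLogout": true, "clientAuthenticatorType": "client-secret",
  "redirectUris": ["https://datahub.example.com/login", "https://datahub.example.com/*"],
  "attributes": {"backchannel.logout.session.required": "true",
                 "exclude.session.state.from.auth.response": "true"}
}""")

if __name__ == "__main__":
    for line in check_client(SAMPLE, "https://datahub.example.com/login", keycloak_24=True):
        print(line)
```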

 

 

 
