SSO Using Keycloak

Describes how single sign-on (SSO) is implemented by using Keycloak.

Keycloak Is Preinstalled and Preconfigured

Keycloak is the identity and access management (IAM) solution that provides single sign-on (SSO) support for the Data Fabric. Starting with release 7.5.0, Keycloak is preinstalled and preconfigured whenever you create a new fabric.

During fabric creation, Keycloak is installed on all the nodes in the fabric. However, the Keycloak server is started on only one node. If new fabrics are created from the first fabric, Keycloak is installed on all the new fabric nodes, but the primary Keycloak node continues to serve the new fabrics.

At installation, Keycloak is preconfigured with users, groups, and roles that enable integration of Keycloak with the Data Fabric. The following table describes the preconfigured items:
| Keycloak Preconfigured Items | How Many? | Names | Notes |
|---|---|---|---|
| Users | 1 | admin | Any additional users that are added must be created with uid and gid attributes, as described in Adding New Users to Keycloak. |
| Groups | 1 | fabric-manager | Any additional groups that are added must be created with the gidNumber attribute, as described in Adding a Group to Keycloak. |
| Roles | 3 | fabric-manager, infrastructure-admin, developer | These are the only supported roles. The developer role is sometimes referred to as the "fabric user" role. |
| Clients | 1 | edf-client | This is the dedicated client for the Data Fabric. In Keycloak, a client is an application or service that can request authentication for a user. |

Keycloak installation also gives you access to the Keycloak admin portal.
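
The attribute requirements in the Notes column can be checked offline against a Keycloak realm export. The following is an added example, not part of the product documentation or tooling: it assumes the attributes are stored under the keys uid, gid, and gidNumber exactly as named above, that each holds a single non-negative integer, and it uses a constructed sample export.

```python
import json

# Constructed sample in Keycloak realm-export shape (not from a real fabric).
# Assumption: attribute keys are exactly "uid", "gid" and "gidNumber".
SAMPLE_EXPORT = json.loads("""
{"users": [
   {"username": "admin", "attributes": {"uid": ["5000"], "gid": ["5000"]}},
   {"username": "alice", "attributes": {"uid": ["5001"]}},
   {"username": "bob",   "attributes": {"uid": ["abc"], "gid": ["5002"]}}],
 "groups": [
   {"name": "fabric-manager", "attributes": {"gidNumber": ["5000"]}, "subGroups": []},
   {"name": "analysts", "attributes": {}, "subGroups": [
     {"name": "interns", "attributes": {"gidNumber": ["-1"]}, "subGroups": []}]}]}
""")

def _bad(attrs, key):
    """Return a reason string if attrs[key] is not one non-negative integer, else None."""
    values = (attrs or {}).get(key) or []
    if not values:
        return f"missing {key}"
    if len(values) != 1 or not str(values[0]).isdigit():
        return f"invalid {key}={values!r}"
    return None

def _walk_groups(groups, prefix=""):
    """Yield (path, group) for every group and nested subgroup."""
    for g in groups or []:
        path = f"{prefix}/{g.get('name', '?')}"
        yield path, g
        yield from _walk_groups(g.get("subGroups"), path)

def audit_realm(export):
    """List users lacking uid/gid and groups lacking gidNumber."""
    findings = []
    for u in export.get("users", []):
        for key in ("uid", "gid"):
            reason = _bad(u.get("attributes"), key)
            if reason:
                findings.append(("user", u.get("username", "?"), reason))
    for path, g in _walk_groups(export.get("groups")):
        reason = _bad(g.get("attributes"), "gidNumber")
        if reason:
            findings.append(("group", path, reason))
    return findings

if __name__ == "__main__":
    for kind, name, reason in audit_realm(SAMPLE_EXPORT):
        print(f"{kind:5} {name:20} {reason}")
```

To audit a real realm, load its exported JSON file with json.load and pass the result to audit_realm; users appear in the export only if it was taken with users included.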