SSO Using Keycloak
Describes how single sign-on (SSO) is implemented by using Keycloak.
Keycloak Is Preinstalled and Preconfigured
Keycloak is the identity and access management (IAM) solution that provides single sign-on (SSO) support for the Data Fabric. Starting with release 7.5.0, Keycloak is preinstalled and preconfigured whenever you create a new fabric.
During fabric creation, Keycloak is installed on all the nodes in the fabric. However, the Keycloak server is started on only one node. If new fabrics are created from the first fabric, Keycloak is installed on all the new fabric nodes, but the primary Keycloak node continues to serve the new fabrics.
At installation, Keycloak is preconfigured with users, groups, and roles that enable integration of Keycloak with the Data Fabric. The following table describes the preconfigured items:
Keycloak installation also gives you access to the Keycloak admin portal.

Keycloak Preconfigured Items | How Many? | Names | Notes |
---|---|---|---|
Users | 1 | admin | Any additional users that are added must be created with uid and gid attributes, as described in Adding New Users to Keycloak. |
Groups | 1 | fabric-manager | Any additional groups that are added must be created with the gidNumber attribute, as described in Adding a Group to Keycloak. |
Roles | 3 | fabric-manager | These are the only supported roles. The developer role is sometimes referred to as the "fabric user" role. |
Clients | 1 | edf-client | This is the dedicated client for the Data Fabric. In Keycloak, a client is an application or service that can request authentication for a user. |
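
The attribute requirements in the table can be checked offline against a Keycloak realm export. The following is an added example, not code from the Data Fabric or Keycloak projects: it assumes the standard realm-export JSON layout (`users`, `groups` with nested `subGroups`, `clients`) and, as a further assumption not stated on this page, that `uid`, `gid`, and `gidNumber` each hold a single non-negative integer. The sample export is constructed.

```python
import json

# Constructed sample shaped like a Keycloak realm export (not real data).
SAMPLE_EXPORT = json.loads("""
{"users": [
    {"username": "admin", "attributes": {"uid": ["5000"], "gid": ["5000"]}},
    {"username": "alice", "attributes": {"uid": ["5001"]}},
    {"username": "bob", "attributes": {"uid": ["abc"], "gid": ["5000"]}}],
 "groups": [
    {"name": "fabric-manager", "attributes": {"gidNumber": ["5000"]},
     "subGroups": [{"name": "analysts", "attributes": {}}]}],
 "clients": [{"clientId": "edf-client"}]}
""")

def _bad_attr(entity, name):
    """Return a reason string if the attribute is missing or malformed, else None."""
    values = (entity.get("attributes") or {}).get(name) or []
    if not values:
        return f"missing {name}"
    # Assumption: IDs are single ASCII-digit strings (POSIX-style numeric IDs).
    v = str(values[0]).strip()
    if len(values) != 1 or not (v.isascii() and v.isdigit()):
        return f"{name} is not a single non-negative integer: {values!r}"
    return None

def _walk_groups(groups, prefix=""):
    """Yield (path, group) for every group, descending into subGroups."""
    for g in groups or []:
        path = f"{prefix}/{g.get('name', '?')}"
        yield path, g
        yield from _walk_groups(g.get("subGroups"), path)

def audit_realm(export):
    """Return sorted findings for users, groups, and the edf-client client."""
    findings = []
    for u in export.get("users") or []:
        for attr in ("uid", "gid"):
            reason = _bad_attr(u, attr)
            if reason:
                findings.append(f"user {u.get('username', '?')}: {reason}")
    for path, g in _walk_groups(export.get("groups")):
        reason = _bad_attr(g, "gidNumber")
        if reason:
            findings.append(f"group {path}: {reason}")
    if not any(c.get("clientId") == "edf-client" for c in export.get("clients") or []):
        findings.append("client edf-client not found")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_realm(SAMPLE_EXPORT)) or "no findings")
```

To audit a real realm, replace `SAMPLE_EXPORT` with the parsed contents of an export that includes users.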