Learn how to add users to Keycloak. Keycloak can be configured with the censhare standard login. Keycloak verifies the user credentials and authenticates the users. Users can log into censhare Web, the censhare Client, and censhare Admin Client.


Context

The setup is done in the censhare Admin Client and in the Keycloak administration console.

Prerequisites

Introduction

The setup in this article refers to censhare WP. censhare WP requires external authentication via Keycloak. The censhare standard authentication refers to the authentication that uses user data from the censhare master data. Technically, this is configured in censhare WP as external authentication, because Keycloak serves as a gatekeeper: it verifies the username and password externally before passing the user to the censhare Server. There, the required and optional user attributes are taken from the Master data/Users table.

To use the external authentication via Keycloak with censhare WP, a dedicated authentication server is required. The user authentication is handled via this dedicated authentication server. Keycloak is used to log in to censhare Web, the censhare Client, and the censhare Admin Client. In this use case, Keycloak does not serve as an identity broker between censhare Server and an identity provider, but as a gatekeeper to the censhare Server.

On the Keycloak server, the censhare realm contains the clients and respective configurations that handle the user authentication to censhare Web and the censhare Clients. In this setup, Keycloak only verifies the user identity (username and password) and passes the user to the censhare Server. The user profile (default domain and default role, groups, additional domains and roles) is managed as before in the master data. No external user attributes are handled.

If you already use a Keycloak server in your organizational network, you can add the censhare realm to this service and do not have to set up a new Keycloak instance. Otherwise, you must install and set up Keycloak before you proceed with this configuration.

Authentication schema via Keycloak with censhare standard login