Configure Keycloak with censhare standard login
Learn how to add users to Keycloak. Keycloak can be configured with the censhare standard login. Keycloak verifies the user credentials and authenticates the users. Users can log into censhare Web, the censhare Client, and censhare Admin Client.
Context
The setup is done in the censhare Admin Client and in the Keycloak administration console.
Prerequisites
- Administration account for the censhare Server
- Installation of censhare WP
- Installation of Keycloak
The censhare realm and realm keys are configured on the Keycloak server
The Keycloak service is enabled in the censhare Admin Client
Introduction
To use the external authentication via Keycloak with censhare WP, a dedicated authentication server is required. The user authentication is handled via this dedicated authentication server. Keycloak is used to log in to censhare Web, the censhare Client, and the censhare Admin Client. In this use case, Keycloak does not serve as an identity broker between censhare Server and an identity provider, but as a gatekeeper to the censhare Server.
On the Keycloak server, the censhare realm contains the clients and respective configurations that handle the user authentication to censhare Web and the censhare Clients. In this setup, Keycloak only verifies the user identity (user name and password) and passes the user to the censhare Server. The user profile (default domain and default role, groups, additional domains and roles) are managed as before in the master data. No external user attributes are handled.
If you use already a Keycloak server in your organizational network, you can add the censhare realm to this service, and do not have to set up a new Keycloak instance. Otherwise, you must install and set up Keycloak first, before you proceed with this configuration.
Authentication schema via Keycloak with censhare standard login