Use these instructions to set up Keycloak as your SSO provider for Tonic Structural.
Keycloak configuration
Create the client
Within Keycloak, select the realm to use for your Structural client. Under Clients, click Create client.
On the Create client page, under General Settings:
From the Client type dropdown list, select OpenID Connect.
Enter a Client ID and Name.
On the Capability Config tab, click Save. The details page for the new client displays.
On the Settings tab, under Access settings, enter your Structural URL information.
Click Client scopes. Each client has a dedicated scope named <client-id>-dedicated. To configure the scope, click the scope name.
Add a group membership property mapper
On the Mappers tab, to add a property mapper to the scope, click Configure a new mapper.
In the list of mapper types, click Group Membership.
Under Add mapper, set both Name and Token Claim Name to groups.
The Full group path toggle affects how child groups appear in Tonic:
When on, child groups display as parent group/child group.
When off, child groups display as child group.
To save the new group membership mapper, click Save.
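To confirm that the mapper works, decode a token issued for the client and check its groups claim. The following Python check is an added example, not part of the Tonic or Keycloak documentation. Its function names and sample tokens are constructed for illustration, and it inspects the payload without verifying the signature.

```python
import base64
import json


def _b64url(obj: dict) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed token with a dummy signature, for offline testing only."""
    return ".".join([_b64url({"alg": "RS256", "typ": "JWT"}), _b64url(claims), "constructed"])


def decode_claims(token: str) -> dict:
    """Decode the JWT payload for inspection. Does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_groups_claim(token: str, claim: str = "groups") -> dict:
    """Report whether the mapper's claim is present and how groups are named."""
    claims = decode_claims(token)
    if claim not in claims:
        return {"ok": False, "reason": f"no '{claim}' claim: check Token Claim Name on the mapper"}
    groups = claims[claim]
    if not isinstance(groups, list) or not all(isinstance(g, str) for g in groups):
        return {"ok": False, "reason": f"'{claim}' is not a list of strings"}
    # Keycloak emits full paths with a leading slash, e.g. /parent/child.
    full_path = bool(groups) and all(g.startswith("/") for g in groups)
    return {"ok": True, "groups": groups, "full_path": full_path}


if __name__ == "__main__":
    # Constructed sample claims; realm, client and group names are made up.
    base = {"iss": "https://my-keycloak-instance/realms/example", "aud": "example-client"}
    for groups in (["/engineering/data"], ["data"], None):
        claims = dict(base) if groups is None else {**base, "groups": groups}
        print(check_groups_claim(make_sample_token(claims)))
```

A missing claim usually means that the mapper was added to a different scope or that Token Claim Name is not set to groups.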
Structural configuration
In the Structural web server container, set the following Structural environment settings:
TONIC_SSO_PROVIDER: Keycloak
TONIC_SSO_DOMAIN: https://my-keycloak-instance
TONIC_SSO_CLIENT_ID: <Keycloak client ID>
TONIC_SSO_REALM_ID: <Keycloak realm ID>