A. Active directory user import setup

  1. Create a User federation by going to User federation from the left menu and clicking the Add Ldap providers button

...

2. Fill the following fields

...

...

3. After adding the provider, open the provider and sync, remove and unlink users by selecting options from the top-right Action menu.

...

Findings:

a. Couldn’t find any way of setting up AD groups with Asta access

b. By default, it gets default-roles-archive-manager, offline_access, uma_authorization

c. It’s possible to connect with multiple AD instances by creating multiple user federations.

B. Azure active directory single sign-on setup

  1. Create a client secret by clicking “New client secret” and persist the secret value for later use

  2. Select Identity providers from the left menu. Then click OpenId Connect v1.0 in the top right corner drop-down list


    Cope button


  3. Copy the redirect URI and paste it in step 4.

...

4. Paste the redirect URI from step 3 as shown in the image below

...

5. Add application directory client-id from Azure to Keycloak to import Azure settings, then click Import

...

https://login.microsoftonline.com/{directoryID}/v2.0/.well-known/openid-configuration

...

6. Add application client-id in Client ID, add client-secret in Client Secret and select client secret sent as basic auth in "Client Authentication"

...

7. Now you can log in with an Azure Active Directory user.

...

Providing Access to Organization and Projects

By default, users will not get access to any organizations and/or projects. To give them access to certain organizations and/or projects, log in to the Keycloak admin console, then go to Realm settings > User registration > Default groups

...

Here you can select the groups that you want the users to be members of.

For example, to give the users ARCHIVIST access to the project a5 isadg, choose the group am|project|a5isadg|ARCHIVIST from available groups.

...