Page History
Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Accessing Keycloak
: Managing AuthenticationImage Added | You can access Keycloak via the corresponding tile in the Scheer PAS Portal. Only users with profile keycloak_user are able to see the tile in the portal. | ||
Image Added | If you click on the Keycloak tile, the tool will open within the portal.
|
Keycloak: Managing Authentication
Image Added | Scheer PAS uses Keycloak to manage Single Sign-on for the platform | Image Removed | Scheer PAS uses Keycloak to save the platform users and their passwords. For API Management and Kibana we also manage roles in Keycloak. Keycloak is an identity and access management software that can manage users for multiple applications and enables them for sigle sign on. Data for each application is stored in so called realms. |
|
Keycloak Roles for Usage with Scheer PAS
In Keycloak, you can assign two different types of roles:
Realm Roles
Realm roles are a global namespace to define your roles. The following realm roles are used with Scheer PAS:
apiadmin
Default Keycloak realm role.
Tip |
---|
See chapter Roles in the official Keycloak documentation. |
Default Keycloak realm role.
Tip |
---|
See chapter Roles in the official Keycloak documentation. |
Client Roles
Client roles are namespaces dedicated to a client. To add a client role, you must first select the client from the drop-down list.
In case of Scheer PAS, the client realm-management is needed
|
How to Create Additional Keycloak Admins
You can create additional admins for Keycloak as follows:
- Go to realm Master.
- Select Users.
- Create a new user or edit an existing user.
- Switch to tab Role Mappings.
- Assign role admin in section Realm Roles.
Scheer PAS API Management uses the Keycloak application to manage application access. Additionally, you can manage user roles in API Management to grant permissions within API Management.
Tip |
---|
Visit the API Management Guide for further informations. You will find a detailed description how Keycloak is used to manage API Management users on page Managing Users and Permissions. |
Keycloak and Kibana
Kibana is delivered with every installation of Scheer PAS 20.1, including a Kibana admin user. Use this admin user to access Kibana.
Preview: Starting with PAS 21.1 you can assign the role elasticadmin to each PAS user individually. This role grants access to Kibana.