### Proposed changes
Problem: To configure OpenID Connect with Keycloak for NIM
authentication, there are new instructions for Keycloak >18 due to UI
changes on the latest version.
Solution: We added those new steps in the documentation.
Testing: Instructions validated and tested by dev and qe
### Checklist
Before creating a PR, run through this checklist and mark each as
complete.
- [ ] I have read the [contributing guidelines](/CONTRIBUTING.md)
- [ ] I have signed the [F5 Contributor License Agreement
(CLA)](https://github.com/f5/.github/blob/main/CLA/cla-markdown.md)
- [ ] If applicable, I have added tests that prove my fix is effective
or that my feature works
- [ ] If applicable, I have checked that any relevant tests pass after
adding my changes
- [ ] I have updated any relevant documentation
([`README.md`](/README.md) and [`CHANGELOG.md`](/CHANGELOG.md))
- [ ] I have rebased my branch onto main
- [ ] I will ensure my PR is targeting the main branch and pulling from
my branch from my own fork
- [ ] If the change involves:
  - Code
  - Anything that resembles Personally identifying information (PII)
    - Make sure to use placeholders such as `<username>` in place of PII
  - URLs (watch for
    [typosquatting](https://support.microsoft.com/en-us/topic/what-is-typosquatting-54a18872-8459-4d47-b3e3-d84d9a362eb0))
  - Significant new/revised content

  In these cases, the change will require at least two (2) approvals
  before merging
content/nim/admin-guide/authentication/oidc/keycloak-setup.md (40 additions & 2 deletions)
@@ -47,8 +47,19 @@ Follow these steps to configure Keycloak.
47
47
48
48
After the client is created, configure it as follows:
49
49
50
-
1. On the **Settings** tab, in the **Access Type** list, select **confidential**.
51
-
2. On the **Mappers** tab, select **Add Builtin**, and select **groups**. This exports the user's Keycloak Realm Role information for NGINX Instance Manager to use.
50
+
#### For Keycloak versions earlier than 18.x
51
+
52
+
1. On the **Settings** tab, set **Access Type** to **confidential**.
53
+
2. On the **Mappers** tab, select **Add Builtin** and choose **groups** to export Keycloak Realm Role information for NGINX Instance Manager.
54
+
55
+
#### For Keycloak versions 18.x and later
56
+
57
+
1. On the **Settings** tab, under **Capability config**, enable **Client authentication**.
58
+
2. In the **Authentication flow** section, enable **Direct Access Grants** and **Service Account**.
59
+
3. Go to the **Client Scopes** tab.
60
+
- Select the scope named **<client_name>-dedicated (nim-dedicated)**.
61
+
- On the **Mappers** tab, click **Configure new Mapper** and choose **From predefined mappers**.
62
+
- Search for **groups** and select **Add groups mapper**.
52
63
53
64
### Create Keycloak Roles
54
65
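Review bot: In the "For Keycloak versions 18.x and later" steps, step 2 turns on **Direct Access Grants** and **Service Account**, while the pre-18 steps only set **Access Type** to **confidential**, and the text never says which NGINX Instance Manager function needs either one. Add a sentence stating what each is required for, or drop whichever is not required, so readers do not enable the password grant and a service account on the client without a stated reason. Two smaller points in the same list: `<client_name>` sits inside bold text without backticks and may be dropped as an HTML tag when the page is rendered, and the new groups-mapper step loses the explanation that it exports Keycloak Realm Role information, which the pre-18 step 2 keeps.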
@@ -119,6 +130,8 @@ To configure NGINX Instance Manager with the necessary OIDC settings, follow the
119
130
120
131
- Export the environment variables:
121
132
133
+
- **For Keycloak versions earlier than 18.x**:
134
+
122
135
```bash
123
136
# Either the FQDN or the IP address is suitable for these environment variables.
124
137
export KEYCLOAK_IP="<insert-keycloak-IP>"
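Review bot: The added bullet "**For Keycloak versions earlier than 18.x**:" marks the version split with a bold list item, while the client-configuration steps earlier in this file mark the same split with `####` headings; use one convention for both so the two sections read and link alike. Also confirm that the existing bash block under the new bullet is indented to sit inside that list item, since the added blank line before the fence will otherwise end the list and leave the label detached from its code.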
@@ -134,6 +147,31 @@ To configure NGINX Instance Manager with the necessary OIDC settings, follow the