Keycloak (OpenID)
Configure OpenID Provider for Keycloak
Review OpenID Connect (SaaS) before you begin.
The notes below describe minimal steps to be taken in Keycloak. You may need to adjust the steps based on the specifics of your environment.
Log in to your Keycloak server’s Administrative Console.
Select a realm or create a new one.
Click Clients, then click the Create button.
Enter the Client ID of your choosing (e.g. “SysdigMonitor”) and take note of it. You will enter it in the OpenID Configuration page in the Sysdig Authentication Settings.
Make sure the Client Protocol drop-down has openid-connect selected. Click the Save button.
Configure OpenID Connect client:
Click the toggle for Authorization Enabled to ON.
For Valid Redirect URI, enter one of the following values:
See SaaS Regions and IP Ranges and identify the correct domain URL (Redirect URI) associated with your Sysdig application and region. For example, domain URLs of Monitor and Secure for US East are:
Sysdig Monitor: https://app.sysdigcloud.com/api/oauth/openid/auth
Sysdig Secure: https://secure.sysdig.com/api/oauth/openid/secureAuth
For other regions, the format is https://<region>.app.sysdig.com. Replace <region> with the region where your Sysdig application is hosted. For example, for Sysdig Monitor you use https://eu1.app.sysdig.com/api/oauth/openid/auth.
Click Save.
Click the Credentials tab. Take note of the Secret that is shown. You will enter it in the OpenID settings.
Note that the Issuer URL will consist of https://KEYCLOAK_SERVER_ADDRESS/auth/realms/REALM_NAME, where KEYCLOAK_SERVER_ADDRESS and REALM_NAME are derived from your environment where you just created the configuration. You will enter it in the OpenID settings.
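The steps above can be checked against a client's JSON export before the values are entered in Sysdig. The following is an added example, not part of the original page or of Sysdig's or Keycloak's own code. It assumes the export uses the key names protocol, authorizationServicesEnabled and redirectUris; the host keycloak.example.com, the realm name sysdig and the sample export are constructed.

```python
from urllib.parse import urlsplit

# Redirect URIs the page lists for US East. Other regions follow the page's
# https://<region>.app.sysdig.com pattern, shown there for Monitor only.
US_EAST = {
    "monitor": "https://app.sysdigcloud.com/api/oauth/openid/auth",
    "secure": "https://secure.sysdig.com/api/oauth/openid/secureAuth",
}

def monitor_redirect_uri(region=None):
    """Redirect URI for Sysdig Monitor; region=None means US East."""
    if region is None:
        return US_EAST["monitor"]
    return f"https://{region}.app.sysdig.com/api/oauth/openid/auth"

def issuer_url(server, realm):
    """Issuer URL in the form given on the page."""
    return f"https://{server}/auth/realms/{realm}"

def check_client(client, expected_uri):
    """Return findings for a Keycloak client export (dict; key names assumed)."""
    findings = []
    if client.get("protocol") != "openid-connect":
        findings.append("protocol is not openid-connect")
    if not client.get("authorizationServicesEnabled"):
        findings.append("Authorization Enabled is OFF")
    uris = client.get("redirectUris", [])
    if expected_uri not in uris:
        findings.append(f"missing redirect URI {expected_uri}")
    for uri in uris:
        if "*" in uri:
            # A wildcard accepts more callback paths than the one Sysdig uses.
            findings.append(f"wildcard redirect URI: {uri}")
        elif urlsplit(uri).scheme != "https":
            findings.append(f"non-HTTPS redirect URI: {uri}")
        elif uri != expected_uri:
            findings.append(f"unexpected redirect URI: {uri}")
    return findings

# Constructed sample export, not taken from a real realm.
SAMPLE = {
    "clientId": "SysdigMonitor",
    "protocol": "openid-connect",
    "authorizationServicesEnabled": True,
    "redirectUris": ["https://eu1.app.sysdig.com/*"],
}

if __name__ == "__main__":
    print(issuer_url("keycloak.example.com", "sysdig"))
    for finding in check_client(SAMPLE, monitor_redirect_uri("eu1")):
        print("FINDING:", finding)
```

An empty findings list means the export matches the settings described above for the chosen region.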