Keycloak (OpenID On-Prem)
Review OpenID Connect (On-Prem) before you begin.
The notes below describe minimal steps to be taken in Keycloak. You may need to adjust the steps based on the specifics of your environment.
Log in to your Keycloak server's Administrative Console.
Select a realm or create a new one.
Click Clients, then click the Create button.
Enter the Client ID of your choosing (e.g. "SysdigMonitor") and take note of it, as you will need it later to complete the configuration in the Sysdig platform.
Make sure the Client Protocol drop-down has openid-connect selected. Click the Save button.
Configure OpenID Connect client
Click the toggle for Authorization Enabled to ON.
For Valid Redirect URI, enter one of the following values, replacing HOSTNAME with the hostname through which your users access the Sysdig application(s) and PORT with the TCP port # (typically 443):
If configuring Sysdig Monitor, enter:
https://HOSTNAME:PORT/api/oauth/openid/auth
If configuring Sysdig Secure, enter:
https://HOSTNAME:PORT/api/oauth/openid/secureAuth
Click the Save button.
Click the Credentials tab. Take note of the Secret that is shown, as you will need it to complete the configuration in the Sysdig platform.
Note that the Issuer URL you will need to configure in the Sysdig platform will consist of https://{KEYCLOAK-SERVER-ADDRESS}/auth/realms/{REALM_NAME}, where {KEYCLOAK-SERVER-ADDRESS} and {REALM_NAME} are derived from your environment where you just created the configuration.
Return to the bottom section of the OpenID Connect (On-Prem) article for instructions on using the helper script to complete the configuration in the Sysdig platform.
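The following is an added example, not part of the original documentation or of any Sysdig or Keycloak tooling: a Python check that builds the exact redirect URI and Issuer URL from the steps above and compares the Issuer URL against an OpenID Connect discovery document before you enter it in the Sysdig platform. The host names, realm name and discovery documents are constructed, and the function names are hypothetical.

```python
import json
from urllib.parse import urlsplit

# Callback paths given on this page for each Sysdig product.
CALLBACK_PATHS = {"monitor": "/api/oauth/openid/auth",
                  "secure": "/api/oauth/openid/secureAuth"}

def redirect_uri(hostname, port, product):
    """Build the exact Valid Redirect URI (https only, no wildcard, no path)."""
    if not hostname or any(c in hostname for c in "*/:@? "):
        raise ValueError("hostname must be a bare host name")
    if not 1 <= int(port) <= 65535:
        raise ValueError("port out of range")
    return f"https://{hostname}:{int(port)}{CALLBACK_PATHS[product]}"

def issuer_url(server_address, realm):
    """Issuer URL in the form this page documents."""
    return f"https://{server_address}/auth/realms/{realm}"

def check_discovery(expected_issuer, discovery_json):
    """Return a list of problems; an empty list means the issuer is consistent."""
    doc = json.loads(discovery_json)
    problems = []
    if doc.get("issuer") != expected_issuer:
        # The issuer must match character for character (prefix, trailing slash).
        problems.append(f"issuer mismatch: document says {doc.get('issuer')!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        value = doc.get(key, "")
        if urlsplit(value).scheme != "https":
            problems.append(f"{key} is not https: {value!r}")
        elif not value.startswith(expected_issuer + "/"):
            problems.append(f"{key} is outside the issuer: {value!r}")
    return problems

def sample_discovery(issuer):
    """Constructed discovery document shaped like Keycloak's (not captured output)."""
    base = issuer + "/protocol/openid-connect"
    return json.dumps({"issuer": issuer,
                       "authorization_endpoint": base + "/auth",
                       "token_endpoint": base + "/token",
                       "jwks_uri": base + "/certs"})

if __name__ == "__main__":
    issuer = issuer_url("keycloak.example.com", "sysdig")   # constructed names
    print(redirect_uri("sysdig.example.com", 443, "monitor"))
    print(check_discovery(issuer, sample_discovery(issuer)))
    # Constructed failure case: a server that serves realms without /auth.
    other = "https://keycloak.example.com/realms/sysdig"
    for problem in check_discovery(issuer, sample_discovery(other)):
        print(problem)
```

Against a live server, pass the body fetched from the Issuer URL plus /.well-known/openid-configuration (the standard OpenID Connect Discovery path, which this page does not mention) as discovery_json.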