Keycloak (OpenID On-Prem)
- Review OpenID Connect (On-Prem).
- Identify your environment and ensure that you meet the prerequisites.
- Ensure that you have administrative privileges.
Configure OpenID Provider for Keycloak
The instructions below cover basic Keycloak configuration. You may need to adjust the operations based on the specifics of your environment.
Log in to your Keycloak Administrative Console and create the following:
- Realm: A realm in Keycloak is equivalent to a tenant. Create one for your Sysdig application.
- Users: Create users who can access the realm.
- Client: Create a client for your Sysdig application and take note of the client ID.
  - Client type: Choose OpenID Connect.
  - Client ID: For example, SysdigMonitor. You will use this value for the OpenID Configuration tab in the Sysdig Authentication (SSO) Settings.
  - Client authorization: Toggle this setting to On.
  - Authentication flow: Select Standard flow. This option enables standard OpenID Connect redirect-based authentication with authorization code.
  - Login Settings: Specify the following:
    - Valid redirect URL: Enter one of the following values, replacing HOSTNAME with the hostname through which your users access the Sysdig application and PORT with the TCP port number, which is typically 443:
Open the Credentials tab. Copy the Secret associated with your client.
You will need it while completing the configuration in the Sysdig platform.
Parameters Required for Sysdig Configuration
Copy the following for the OpenID configuration parameters in the Sysdig authentication settings.
- Client ID: Copy the value from the Settings tab on your Sysdig Client page.
- Client Secrets: Copy the Client Secret from the Credentials tab.
- Issuer URL: The Issuer URL will consist of https://KEYCLOAK_SERVER_ADDRESS/auth/realms/REALM_NAME, where KEYCLOAK_SERVER_ADDRESS and REALM_NAME are derived from the environment where you created the configuration. You will enter it in the OpenID settings.
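The following is an added example, not part of the Sysdig or Keycloak documentation: a check that the Issuer URL you are about to enter matches what the provider advertises in its OpenID Connect discovery metadata (served at the issuer URL plus `/.well-known/openid-configuration`) and that the Standard (authorization code) flow is offered. The hostname `keycloak.example.com`, the realm `sysdig`, the function names and the sample metadata are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit


def issuer_url(server_address: str, realm_name: str) -> str:
    """Build the issuer URL in the format given on this page."""
    return f"https://{server_address}/auth/realms/{realm_name}"


def check_discovery(configured_issuer: str, doc: dict) -> list[str]:
    """Compare the configured issuer with discovery metadata; [] means no problems."""
    problems = []
    cfg = urlsplit(configured_issuer)
    if cfg.scheme != "https":
        problems.append("issuer is not https")
    # OIDC Discovery requires the advertised issuer to equal the configured
    # value exactly: a trailing slash or a different path is a mismatch.
    if doc.get("issuer") != configured_issuer:
        problems.append(f"issuer mismatch: provider reports {doc.get('issuer')!r}")
    # Standard flow is the authorization code flow (response type "code").
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response type 'code' not offered")
    # In a default setup the endpoints share the issuer's origin;
    # anything else deserves a closer look before trusting it.
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        ep = urlsplit(doc.get(key, ""))
        if (ep.scheme, ep.netloc) != (cfg.scheme, cfg.netloc):
            problems.append(f"{key} missing or on a different origin")
    return problems


def sample_metadata(base: str) -> dict:
    """Constructed discovery document using Keycloak's endpoint layout."""
    return {
        "issuer": base,
        "authorization_endpoint": base + "/protocol/openid-connect/auth",
        "token_endpoint": base + "/protocol/openid-connect/token",
        "jwks_uri": base + "/protocol/openid-connect/certs",
        "response_types_supported": ["code", "id_token", "code id_token"],
    }


if __name__ == "__main__":
    issuer = issuer_url("keycloak.example.com", "sysdig")
    print(check_discovery(issuer, sample_metadata(issuer)))
    # Constructed case: the same realm served without the /auth prefix.
    no_prefix = "https://keycloak.example.com/realms/sysdig"
    print(check_discovery(issuer, sample_metadata(no_prefix)))
```

To run the check against a live realm, fetch the discovery document yourself and pass the parsed JSON as `doc`.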
Configure Sysdig Settings
To enable Keycloak OpenID functionality on the Sysdig application, you need the following:
- Client ID: Specify the value you have copied from the Settings tab on your Sysdig Client page.
- Client Secret: Specify the value you have copied from the Client Secret on the Credentials tab.
- Issuer URL: The issuer URL will have the following format: https://KEYCLOAK_SERVER_ADDRESS/auth/realms/REALM_NAME, where KEYCLOAK_SERVER_ADDRESS and REALM_NAME are derived from the environment where you created the configuration.
See OpenID Connect (On-Prem) to complete the configuration in the Sysdig platform.