Keycloak (OpenID On-Prem)

Review OpenID Connect (On-Prem) before you begin.

The notes below describe minimal steps to be taken in Keycloak. You may need to adjust the steps based on the specifics of your environment.

  • Login to your Keycloak server’s Administrative Console.

  • Select a realm or create a new one.

  • Click Clients, then click the Create button.

  • Enter the Client ID of your choosing (e.g. “SysdigMonitor”) and take note of it, as you will need it later to complete the configuration in the Sysdig platform.

  • Make sure the Client Protocol drop-down has openid-connect selected. Click the Save button.

  • Configure OpenID Connect client

    • Click the toggle for Authorization Enabled to ON

    • For Valid Redirect URI, enter one of the following values, replacing HOSTNAME with the hostname through which your users access the Sysdig application(s) and PORT with the TCP port # (typically 443):

      If configuring Sysdig Monitor, enter: https://HOSTNAME:PORT/api/oauth/openid/auth

      If configuring Sysdig Secure, enter: https://HOSTNAME:PORT/api/oauth/openid/secureAuth

    • Click the Save button

  • Click to the Credentials tab. Take note of the Secret that is shown, as you will need it to complete the configuration in the Sysdig platform.

  • Note that the Issuer URL you will need to configure in the Sysdig platform will consist of https://{KEYCLOAK-SERVER-ADDRESS}/auth/realms/{REALM_NAME}, where {KEYCLOAK-SERVER-ADDRESS} and {REALM-NAME} are derived from your environment where you just created the configuration.

  • Return to the bottom section of the OpenID Connect (On-Prem) article for instructions on using the helper script to complete the configuration in the Sysdig platform.

Last modified July 17, 2021: Aliases to old site urls (#98) (917a9be2)