Sysdig Documentation

Keycloak (OpenID On-Prem)

Review OpenID Connect (On-Prem) before you begin.

The notes below describe minimal steps to be taken in Keycloak. You may need to adjust the steps based on the specifics of your environment.

  1. Login to your Keycloak server's Administrative Console.

  2. Select a realm or create a new one.

  3. Click Clients, then click the Create button.

  4. Enter the Client ID of your choosing (e.g. "SysdigMonitor") and take note of it, as you will need it later to complete the configuration in the Sysdig platform.

  5. Make sure the Client Protocol drop-down has openid-connect selected. Click the Save button.

  6. Configure OpenID Connect client

    • Click the toggle for Authorization Enabled to ON

    • For Valid Redirect URI, enter one of the following values, replacing HOSTNAME with the hostname through which your users access the Sysdig application(s) and PORT with the TCP port # (typically 443):

      If configuring Sysdig Monitor, enter: https://HOSTNAME:PORT/api/oauth/openid/auth

      If configuring Sysdig Secure, enter: https://HOSTNAME:PORT/api/oauth/openid/secureAuth

    • Click the Save button

  7. Click to the Credentials tab. Take note of the Secret that is shown, as you will need it to complete the configuration in the Sysdig platform.

  8. Note that the Issuer URL you will need to configure in the Sysdig platform will consist of https://{KEYCLOAK-SERVER-ADDRESS}/auth/realms/{REALM_NAME}, where {KEYCLOAK-SERVER-ADDRESS} and {REALM-NAME} are derived from your environment where you just created the configuration.

  9. Return to the bottom section of the OpenID Connect (On-Prem) article for instructions on using the helper script to complete the configuration in the Sysdig platform.