Keycloak Configuration

This guide provides specific configuration details for using Keycloak as your Identity Provider with the User Tasks Proxy.

Configuration Example

ut-config/oidc-properties.yaml

com:
  c4-soft:
    springaddons:
      oidc:
        ops:
          - iss: https://your-keycloak-server/realms/your-realm
            username-claim: preferred_username
            vendor: keycloak
            tenant-id: <your-realm>
            client-id-claim: azp
            clients:
              - <your-client>

Configuration Fields Explained

• iss: Your Keycloak realm URL. Format: https://<keycloak-server>/realms/<realm-name>
• username-claim: In Keycloak, this is typically preferred_username
• vendor: Should be set to keycloak
• tenant-id: This is your LittleHorse tenant ID
• client-id-claim: Use azp (Authorized Party) for Keycloak
• clients: List of authorized client IDs that can access the User Tasks Proxy

Setting Up Keycloak

TODO

Additional Resources

• Keycloak Official Documentation
• Keycloak Server Administration Guide