Configuring Keycloak OpenID Connect
You must register your thingshub tenant with a Keycloak instance in order to use Keycloak OIDC with thingshub. You will need the client ID and client secret key that Keycloak generates for you after the registration.
Configure OpenID Connect and register Thingshub in Keycloak Instance
1. Open the Admin Console of your Keycloak installation in your browser.
2. Sign in with a Keycloak admin account with appropriate privileges, if not done already.
3. Hover over Select realm and click on Add realm.
4. Type thingshub in the Name field and set Enabled to ON. Click on Create. Your realm is created.
5. On the next page, click on Clients in the left pane and click on Create.
6. Type thingshub-sso in the Client ID field. Set Client Protocol to openid-connect.
7. In the Root URL field, type the domain address of your thingshub tenant. This is the address where your thingshub system is running (e.g. https://foo-bar.thingshub.smartmakers.de).
8. Click on Save. You will be taken to the client settings page.
9. Scroll, find the Access Type option, and select confidential from the dropdown.
10. Find the Service Accounts Enabled option and switch it to ON. Find the Authorization Enabled option and switch it to ON.
11. Scroll to the bottom and click on Save.
12. Go to the Credentials tab at the top and find the value Secret under the Client Authenticator section. This is your Client Secret. Your Client ID is thingshub-sso.
Enable and configure Keycloak OIDC in Thingshub
global:
  domain: foo.bar.com
  tenant_mode: trackinghub
...
identity_providers:
  keycloak_oidc:
    enabled: true
    params:
      realm: thingshub
      client_id: thingshub-sso
      client_secret: <Client Secret from above>
      root_url: <Address of your keycloak installation>
    button:
      logo: "data:image/png;base64,iVBORw0KG........"
      text: "Sign-in with KeyCloak"
      btn_color: "#B12B28"
      text_color: "#402306"
...
keycloak_oidc configurations:
enabled: The enabled flag is used to toggle keycloak_oidc on or off.
params: This block provides the configurations for thingshub to set up keycloak_oidc.
  realm: The name of the realm in Keycloak where thingshub is registered as a client. It is the value you put in the Name field while creating the realm (here “thingshub”).
  client_id: This is the ID of the thingshub client registered to the Keycloak realm. It is the value you put in the Client ID field while creating the client (here “thingshub-sso”).
  client_secret: This is the secret provided by Keycloak for the thingshub client after client creation. You can access it from the Credentials tab of the thingshub client settings in the Keycloak Admin Console.
  root_url: This is the URL of the Keycloak installation that you are using.
button: The button block holds the theme for the Keycloak OpenID Connect button displayed on the thingshub login page.
  logo: It is the base64 encoded string of the image to be displayed in the login button for Keycloak OpenID Connect. The base64 encoding should be in Data URI format.
  text: Text is the message to be displayed in the login button for Keycloak OpenID Connect.
  btn_color: It sets the color of the login button for Keycloak OpenID Connect.
  text_color: It sets the color of the message in the text field that is to be shown in the login button for Keycloak OpenID Connect.
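A pre-deployment check for the keycloak_oidc block described above, as an added example that is not part of the thingshub documentation or code: it flags template placeholders left in params, a root_url that is not HTTPS, and a button.logo that is not a decodable base64 Data URI. The function name check_keycloak_oidc, the sample values and the HTTPS requirement are assumptions of this example, and the block is passed in as an already parsed dictionary.

```python
import base64
import binascii
import re
from urllib.parse import urlparse

# Data URI form the page asks for in button.logo: data:image/<type>;base64,<payload>
DATA_URI = re.compile(r"^data:image/[a-z0-9.+-]+;base64,(.+)$", re.DOTALL)

def check_keycloak_oidc(cfg):
    """Return a list of problems in a parsed keycloak_oidc block (hypothetical helper)."""
    problems = []
    if not isinstance(cfg.get("enabled"), bool):
        problems.append("enabled: must be true or false")
    params = cfg.get("params") or {}
    for key in ("realm", "client_id", "client_secret", "root_url"):
        value = str(params.get(key) or "").strip()
        if not value:
            problems.append(f"params.{key}: missing")
        elif value.startswith("<") and value.endswith(">"):
            problems.append(f"params.{key}: template placeholder not replaced")
        elif key == "root_url":
            # Assumption of this example: Keycloak must be reached over HTTPS,
            # because the client secret and tokens are sent to this address.
            url = urlparse(value)
            if url.scheme != "https" or not url.hostname:
                problems.append("params.root_url: must be an https URL with a host")
    logo = (cfg.get("button") or {}).get("logo")
    if logo is not None:  # the logo is only checked when one is configured
        match = DATA_URI.match(str(logo))
        if not match:
            problems.append("button.logo: not a base64 image data URI")
        else:
            try:
                base64.b64decode(match.group(1), validate=True)
            except (binascii.Error, ValueError):
                problems.append("button.logo: base64 payload does not decode")
    return problems

# Constructed sample: the secret, Keycloak host and logo bytes are placeholders.
SAMPLE = {
    "enabled": True,
    "params": {"realm": "thingshub", "client_id": "thingshub-sso",
               "client_secret": "constructed-example-secret",
               "root_url": "https://keycloak.example.com"},
    "button": {"logo": "data:image/png;base64,iVBORw0KGgo="},
}

if __name__ == "__main__":
    for line in check_keycloak_oidc(SAMPLE) or ["no problems found"]:
        print(line)
```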