Configuring Keycloak OpenID Connect

You must register your thingshub tenant with your Keycloak instance in order to use Keycloak OIDC with thingshub. You will need the client ID and the client secret that Keycloak generates for you after the registration.

Configure OpenID Connect and register Thingshub in Keycloak Instance

  1. Open the Admin Console of your Keycloak installation in your browser.

  2. Sign in with a Keycloak admin account that has the appropriate privileges, if you have not done so already.

  3. Hover over Select realm and click on Add realm.

  4. Type thingshub in the Name field and set Enabled to ON. Click on Create. Your Realm is created.

  5. On the next page, click on Clients in the left pane and click on Create.

  6. Type thingshub-sso in the Client ID field. Set Client Protocol to openid-connect.

  7. In the Root URL field, type the domain address of your thingshub tenant. This is the address where your thingshub system is running.
    (E.g. https://foo-bar.thingshub.smartmakers.de)

  8. Click on Save. You will be taken to the client settings page.

  9. Scroll, find the Access Type option, and select confidential from the dropdown.

  10. Find the Service Accounts Enabled option and switch it to ON. Find the Authorization Enabled option and switch it to ON.

  11. Scroll to the bottom and click on Save.

  12. Go to the Credentials tab from the top and find the value Secret under the Client Authenticator section. This is your Client Secret. Your Client ID is thingshub-sso.

Enable and configure Keycloak OIDC in Thingshub

YAML
global:
  domain: foo.bar.com
  tenant_mode: trackinghub

...

  identity_providers:
    keycloak_oidc:
      enabled: true
      params:
        realm: thingshub
        client_id: thingshub-sso
        client_secret: <Client Secret from above>
        root_url: <Address of your Keycloak installation>
      button:
        logo: "........"
        text: "Sign-in with KeyCloak"
        btn_color: "#B12B28"
        text_color: "#402306"

...

keycloak_oidc configurations:

  • enabled: The enabled flag is used to toggle keycloak_oidc on or off.

  • params: This block provides the configuration thingshub needs to set up keycloak_oidc.

    • realm: The name of the realm in Keycloak where thingshub is registered as a client. It is the value you put in the Name field while creating the realm (here “thingshub”).

    • client_id: This is the ID of the thingshub client registered in the Keycloak realm. It is the value you put in the Client ID field while creating the client (here “thingshub-sso”).

    • client_secret: This is the secret that Keycloak provides for the thingshub client after the client is created. You can access it from the Credentials tab of the thingshub client settings in the Keycloak Admin Console.

    • root_url: This is the URL of the Keycloak installation that you are using.

  • button: The button block holds the theme for the button for Keycloak OpenID Connect displayed on the thingshub login page.

    • logo: It is the base64 encoded string of the image to be displayed in the login button for Keycloak OpenID Connect. The base64 encoding should be in Data URI format.

    • text: Text is the message to be displayed in the login button for Keycloak OpenID Connect.

    • btn_color: It sets the color of the login button for Keycloak OpenID Connect.

    • text_color: It sets the color of the message in the text field that is to be shown in the login button for Keycloak OpenID Connect.
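
A pre-deployment check for the keycloak_oidc block described above, as an added example that is not part of thingshub or Keycloak. It takes the block as an already-parsed dict; the function names, the https rule, the sample host and the sample values are assumptions made for this example.

```python
import base64
import re
from urllib.parse import urlparse

DATA_URI = re.compile(r"^data:image/[a-z0-9.+-]+;base64,(?P<b64>[A-Za-z0-9+/]+={0,2})$")


def to_data_uri(image_bytes, mime="image/png"):
    """Encode raw image bytes as a base64 Data URI for the logo key."""
    return f"data:{mime};base64,{base64.b64encode(image_bytes).decode('ascii')}"


def lint_keycloak_oidc(cfg):
    """Return a list of problems found in a keycloak_oidc block given as a dict."""
    problems = []
    params = cfg.get("params", {})
    button = cfg.get("button", {})

    # Every param must be set, and no "<...>" placeholder may be left in place.
    for key in ("realm", "client_id", "client_secret", "root_url"):
        value = str(params.get(key, "")).strip()
        if not value or value.startswith("<"):
            problems.append(f"params.{key}: empty or unreplaced placeholder")

    # Rule chosen for this example: Keycloak must be reached over TLS.
    scheme = urlparse(str(params.get("root_url", ""))).scheme
    if scheme and scheme != "https":
        problems.append("params.root_url: not https, secret and tokens would travel unencrypted")

    match = DATA_URI.match(str(button.get("logo", "")))
    if not match:
        problems.append("button.logo: not a base64 image Data URI")
    else:
        try:
            base64.b64decode(match.group("b64"), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append("button.logo: base64 payload does not decode")
    return problems


if __name__ == "__main__":
    # Constructed sample: placeholder secret, plain-http URL, elided logo.
    sample = {"params": {"realm": "thingshub", "client_id": "thingshub-sso",
                         "client_secret": "<Client Secret from above>",
                         "root_url": "http://keycloak.example.com"},
              "button": {"logo": "........"}}
    for problem in lint_keycloak_oidc(sample):
        print(problem)
```

An empty list means the block passed these checks; it does not confirm that the client secret is the one Keycloak issued.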
