Keycloak SSO Configuration 2023-1
This page describes the GIFT configuration settings used to enable Single Sign-On (SSO) services via a Keycloak server.
GIFT Configuration Files
GIFT uses three configuration files to handle its interaction with a Keycloak server. Settings for each are discussed below.
web.xml
This document maintains the configuration that GIFT servers can use to enforce SSO authentication. To enable SSO, remove the comment markers surrounding the security constraints and security roles.
File information:
- Located at GIFT/config/tools/gas/auth/
- Contains security constraints which specify which SSO roles are allowed access to GIFT
- Contains security roles which specify which roles in the SSO service are acknowledged by GIFT
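A check that the constraints in web.xml are actually active after editing, as an added example that is not part of GIFT or of this page. It assumes the file follows the standard servlet deployment-descriptor layout (security-constraint, auth-constraint, security-role); the sample document, role name and function names are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a servlet-style web.xml whose constraint is still
# commented out. Role name and URL pattern are placeholders, not GIFT's values.
SAMPLE_DISABLED = """<web-app>
  <!--
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>all</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>example-user</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>example-user</role-name></security-role>
  -->
</web-app>"""

# The same file after the comment markers have been removed.
SAMPLE_ENABLED = SAMPLE_DISABLED.replace("<!--", "").replace("-->", "")


def _local(tag):
    """Strip an XML namespace so any web-app schema version is handled."""
    return tag.rsplit("}", 1)[-1]


def audit_web_xml(text):
    """Count active and commented-out constraints; list roles with no security-role."""
    commented = sum(c.count("<security-constraint")
                    for c in re.findall(r"<!--(.*?)-->", text, re.S))
    root = ET.fromstring(text)  # the default parser discards comments
    required, declared, active = set(), set(), 0
    for el in root.iter():
        name = _local(el.tag)
        if name == "security-constraint":
            active += 1
            required.update(s.text.strip() for s in el.iter()
                            if _local(s.tag) == "role-name" and s.text)
        elif name == "security-role":
            declared.update(r.text.strip() for r in el.iter()
                            if _local(r.tag) == "role-name" and r.text)
    return {"active_constraints": active,
            "commented_constraints": commented,
            "undeclared_roles": sorted(required - declared)}


if __name__ == "__main__":
    print(audit_web_xml(SAMPLE_DISABLED))
    print(audit_web_xml(SAMPLE_ENABLED))
```

A result with zero active constraints means the descriptor is not restricting access by role; a non-empty undeclared_roles list means a constraint names a role that has no matching security-role entry.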
Example File:
webapp.xml
This document adds a new security handler to GIFT's web applications so that they use the KeycloakJettyAuthenticator. To enable it, uncomment the securityHandler settings and then update them with the specific settings for your Keycloak server.
File information:
- Located at GIFT/config/tools/gas/auth/keycloak/
- Contains security handler settings used to make Keycloak the primary form of authentication for GIFT, including the Keycloak server URL.
Example File:
KeycloakAllowedRoles.txt
This document defines the Keycloak roles with permission to log in to GIFT. Update the comma-delimited lists for each role to match those defined on the Keycloak server.
File information:
- Located at GIFT/config/tools/gas/auth/keycloak/
- Contains comma-delimited lists of GIFT admins and users.
Example File:
Keycloak Example Images
Example GIFT login
Role definitions
User Settings