Configuring Keycloak for Smart API and EcoSys Connect - EcoSys - 3.0 - Installation & Upgrade - Hexagon

Configuring OAuth2 token providers for EcoSys and EcoSys Connect


This section covers setting up Keycloak for use with EcoSys Smart API and/or EcoSys Connect. After completing these steps, you can use the following values in your EcoSys/Connect environments:

  • Token URL

  • Issuer URL

  • Client ID

  • Client Secret

  • Scope

  • JWKS URL

  1. Log in to Keycloak as an admin.

  2. By default, Keycloak comes with a master realm. You can use the existing master realm or create a new one.

    1. Switch to the realm you are using, navigate to the Login tab, and ensure that Require SSL is set to external requests.

  3. Create a new Client Scope.

    1. Select Client Scopes.

    2. Click the Create button.

    3. Enter a Name.

      This value is the Client Scope and will be used later during the setup.

    4. Click Save.

  4. Create a new Client.

    The same EcoSys client can be used for the setup of Smart API, EcoSys Connect, and OpenID.

    1. Navigate to Clients and click the Create button.

    2. Enter the Client ID.

      This value is the Client ID and will be used later during the setup.

    3. Set Client Protocol to 'openid-connect'.

    4. Set Root URL to your EcoSys URL.

    5. Click Save.

    6. Change Access Type to Confidential.

    7. Click Save.

    8. Click the Credentials tab.

      The value from the Secret field is the Client Secret and will be used later in the EcoSys setup.

    9. Click on the Client Scopes tab.

      The newly created client scope appears in the Available Client Scopes list. Select the scope, and then select Add Selected to add it to the Assigned Default Client Scopes list.

  5. Keycloak uses the default Service Account under Clients to make a request. You must create the same user (Custom) in EcoSys. This is applicable only when using Smart APIs.

    In EcoSys, go to Admin > Users and Security and create a Custom user with "service-account-ecosys" as Login Name.

  6. Keycloak has been configured for Smart API or EcoSys Connect. The required URLs are:

    • JWKS URL = http://<Keycloak Host>:<port>/auth/realms/<Keycloak Realm>/protocol/openid-connect/certs

    • Token URL = http://<Keycloak Host>:<port>/auth/realms/<Keycloak Realm>/protocol/openid-connect/token

    • Issuer URL = http://<Keycloak Host>:<port>/auth/realms/<Keycloak Realm>
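
The following pre-flight check is an added example, not part of the Hexagon documentation or the EcoSys product: it derives the three URLs from step 6, builds the client-credentials request body for the Token URL, and compares a token's claims with the values entered in EcoSys. The host, realm, client ID `ecosys` and scope name `ecosys-api` are constructed placeholders, and it assumes the access token carries Keycloak's usual `iss`, `azp`, `scope` and `preferred_username` claims.

```python
import base64, json
from urllib.parse import urlencode

def endpoints(base, realm):
    """Derive the step 6 URLs; base is scheme://host:port of Keycloak."""
    issuer = f"{base.rstrip('/')}/auth/realms/{realm.strip()}"
    oidc = f"{issuer}/protocol/openid-connect"
    return {"issuer": issuer, "token": f"{oidc}/token", "jwks": f"{oidc}/certs"}

def token_request_body(client_id, client_secret, scope):
    """Form body for a client-credentials POST to the Token URL."""
    return urlencode({"grant_type": "client_credentials", "client_id": client_id,
                      "client_secret": client_secret, "scope": scope})

def decode_claims(jwt):
    """Decode a JWT payload WITHOUT verifying its signature (diagnostic only)."""
    payload = jwt.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def check_claims(claims, issuer, client_id, scope):
    """List mismatches between token claims and the values entered in EcoSys."""
    expected = {"iss": issuer, "azp": client_id,
                "preferred_username": f"service-account-{client_id}"}
    problems = [f"{k}: got {claims.get(k)!r}, expected {v!r}"
                for k, v in expected.items() if claims.get(k) != v]
    if scope not in claims.get("scope", "").split():
        problems.append(f"scope: {scope!r} not in {claims.get('scope')!r}")
    return problems

def unsigned_sample_token(claims):
    """Build a constructed, unsigned token so the example runs offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."

# Constructed values (assumptions): host, realm, client ID and scope name.
URLS = endpoints("http://keycloak.example.test:8080", "ecosys-realm")
SAMPLE = unsigned_sample_token({
    "iss": URLS["issuer"], "azp": "ecosys", "scope": "profile ecosys-api",
    "preferred_username": "service-account-ecosys"})

if __name__ == "__main__":
    print(URLS)
    print(token_request_body("ecosys", "<client-secret>", "ecosys-api"))
    print(check_claims(decode_claims(SAMPLE), URLS["issuer"], "ecosys", "ecosys-api"))
```

The issuer comparison is an exact string match, so a difference in scheme, host, port or a stray space in the configured Issuer URL shows up as an `iss` mismatch. Because `decode_claims` skips signature verification, use it only to diagnose configuration, never to accept a token.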