Keycloak

Keycloak is an open source identity and access management tool.

OpenDevStack uses either Atlassian Crowd or the OpenID Connect / OAuth 2.0 protocol to authenticate users of the provisioning app.

The usage of Keycloak is optional. Instead of Keycloak, Atlassian Crowd can still be used for authentication. See the documentation under ODS-Components > Provisioning App > Configuration Guide regarding the configuration of the provisioning app.

Keycloak for a local installation is set up without further manual actions by starting the Vagrant box idmanager.

Realm master

Users

| User  | Password | Roles          |
|-------|----------|----------------|
| admin | admin    | keycloak admin |

Realm opendevstack

Besides the master realm, there is a single OpenDevStack-specific realm: opendevstack.

Groups

There are two OpenDevStack-specific groups inside the opendevstack realm:

  • opendevstack-administrators

  • opendevstack-users

Users

| User   | Password | Groups                                          |
|--------|----------|-------------------------------------------------|
| admin1 | admin1   | opendevstack-administrators, opendevstack-users |
| user1  | user1    | opendevstack-users                              |

Client ods-provisioning-app

There is one OpenDevStack-specific client inside the opendevstack realm: ods-provisioning-app.

There is a protocol mapper called Group Mapper that maps the user’s group membership to a token claim with name roles.
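
How a consumer of the token could evaluate the roles claim that the Group Mapper fills in, as an added example that is not code from OpenDevStack or the provisioning app. It assumes the token's signature and expiry were already verified by an OIDC library; the issuer URL, the sample claims and the access-level names are constructed for illustration.

```python
# Added example: read the "roles" claim that the Group Mapper fills in.
# Input is the claims dict of a token whose signature and expiry were
# already verified by an OIDC library; this code does no crypto.

CLIENT_ID = "ods-provisioning-app"
ADMIN_GROUP = "opendevstack-administrators"
USER_GROUP = "opendevstack-users"
# Constructed issuer URL; the real host is not given on this page.
ISSUER = "https://keycloak.example/auth/realms/opendevstack"


def groups_from_claims(claims):
    """Return the group names found in the 'roles' claim as a set."""
    raw = claims.get("roles")
    if isinstance(raw, str):          # tolerate a single-valued claim
        raw = [raw]
    if not isinstance(raw, list):     # claim missing or malformed: no groups
        return set()
    # Keycloak's group membership mapper emits "/name" when "Full group path"
    # is on and "name" when it is off; accept both forms of a top-level group.
    return {g[1:] if g.startswith("/") else g for g in raw if isinstance(g, str)}


def access_level(claims, issuer=ISSUER):
    """Return 'admin', 'user' or None (deny). Level names are hypothetical."""
    if claims.get("iss") != issuer:
        return None                   # token from another realm, e.g. master
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if claims.get("azp") != CLIENT_ID and CLIENT_ID not in aud:
        return None                   # token was issued for a different client
    groups = groups_from_claims(claims)
    if ADMIN_GROUP in groups:
        return "admin"
    return "user" if USER_GROUP in groups else None


# Constructed sample claims for the users listed above.
ADMIN1 = {"iss": ISSUER, "azp": CLIENT_ID, "preferred_username": "admin1",
          "roles": ["/opendevstack-administrators", "/opendevstack-users"]}
USER1 = {"iss": ISSUER, "azp": CLIENT_ID, "preferred_username": "user1",
         "roles": ["opendevstack-users"]}
MASTER_ADMIN = {"iss": ISSUER.replace("opendevstack", "master"),
                "azp": "other-client", "roles": [ADMIN_GROUP]}

if __name__ == "__main__":
    for c in (ADMIN1, USER1, MASTER_ADMIN, {"iss": ISSUER, "azp": CLIENT_ID}):
        print(c.get("preferred_username"), "->", access_level(c))
```

A token without the roles claim, or one issued by another realm or for another client, is denied rather than treated as an ordinary user.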