Version: 6.12.0

Single Sign-On (SSO)

As a SmoothGlue Enterprise administrator (admin), you can set up authentication and authorization with username and password or configure single sign-on (SSO) for any of the applications (apps). There are several SSO solutions you can choose from, based on your organizational requirements and use case. This document is a quick-reference guide on how to configure SSO using Keycloak as an SSO solution.

SmoothGlue Build SSO Automation

A SmoothGlue Build cluster comes with Keycloak. SmoothGlue will automatically configure the following within Keycloak:

  • A smoothglue realm
  • An admin group (_structsureAdmins)
  • An audit group (_structsureAudit)
  • Clients for the following applications
    • alertmanager
    • authservice
    • grafana
    • kiali
    • neuvector
    • prometheus

SmoothGlue will also configure the above set of applications to use their respective SSO client.

note

SmoothGlue does not currently configure applications or Keycloak clients for SmoothGlue Run clusters.

Logging in to Keycloak

The admin username and a randomly generated password can be retrieved from the cluster. They are stored in the keycloak-env Kubernetes secret in the keycloak namespace. Use these credentials to log in to the Keycloak master realm by visiting https://{{keycloak_fqdn}}/auth/admin.

tip

Keycloak's fully qualified domain name appears in the HOSTS field of the output when you run the following command against a SmoothGlue Build cluster:

kubectl get virtualservice -n keycloak

Global SSO Settings

SmoothGlue Build environments configure the global SSO settings automatically, because a SmoothGlue Build environment comes with Keycloak. For SmoothGlue Run environments, however, a System Integrator needs to configure the environment with the location of the Keycloak instance.

The following should be placed in the SmoothGlue Run environment's bigbang-values.yaml:

# Global SSO Settings
sso:
  url: https://{{keycloak_fqdn}}/auth/realms/smoothglue

  # Optional; only required for non-publicly trusted or self-signed certificates
  certificateAuthority:
    # SSO CA cert for Keycloak
    cert: |
      -----BEGIN CERTIFICATE-----
      ...
      -----END CERTIFICATE-----

info

See How to Configure Big Bang Values for more information on configuring Big Bang applications.
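
A pre-deployment check for the sso.url value above, as an added example that is not part of the SmoothGlue documentation: it compares the configured URL with the issuer the realm advertises in its OpenID Connect discovery document, trusting only the supplied CA when one is given. The hostname keycloak.example.test, the sample document and the function names are constructed for illustration.

```python
import json
import ssl
import urllib.request
from urllib.parse import urlsplit

DISCOVERY_SUFFIX = "/.well-known/openid-configuration"  # OpenID Connect Discovery 1.0

def fetch_discovery(sso_url, ca_pem=None, timeout=10):
    """Fetch the realm's discovery document over verified TLS."""
    # With cadata set, only that CA is trusted; with None, the system store is used.
    ctx = ssl.create_default_context(cadata=ca_pem)
    url = sso_url.rstrip("/") + DISCOVERY_SUFFIX
    with urllib.request.urlopen(url, context=ctx, timeout=timeout) as resp:
        return json.load(resp)

def check_sso_url(sso_url, discovery):
    """Return a list of findings; an empty list means the URL is consistent."""
    findings = []
    parts = urlsplit(sso_url)
    if parts.scheme != "https":
        findings.append("sso.url is not https")
    # The advertised issuer must equal the configured URL exactly, so a stray
    # trailing slash or a wrong realm path is caught here.
    issuer = discovery.get("issuer")
    if issuer != sso_url:
        findings.append(f"issuer mismatch: configured {sso_url!r}, advertised {issuer!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        endpoint = discovery.get(key)
        if not endpoint:
            findings.append(f"{key} missing from discovery document")
        elif urlsplit(endpoint).netloc != parts.netloc:
            findings.append(f"review: {key} is on a different host: {endpoint}")
    return findings

# Constructed sample, shaped like a Keycloak realm's discovery document.
SAMPLE_URL = "https://keycloak.example.test/auth/realms/smoothglue"
SAMPLE_DISCOVERY = {
    "issuer": SAMPLE_URL,
    "authorization_endpoint": SAMPLE_URL + "/protocol/openid-connect/auth",
    "token_endpoint": SAMPLE_URL + "/protocol/openid-connect/token",
    "jwks_uri": SAMPLE_URL + "/protocol/openid-connect/certs",
}

if __name__ == "__main__":
    print(check_sso_url(SAMPLE_URL, SAMPLE_DISCOVERY))        # consistent
    print(check_sso_url(SAMPLE_URL + "/", SAMPLE_DISCOVERY))  # trailing slash
```

Against a live cluster, pass the result of fetch_discovery(sso_url, ca_pem) as the second argument, where ca_pem is the same PEM text placed under certificateAuthority.cert.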

Step-by-step SSO Instructions

SmoothGlue documents step-by-step instructions for configuring SSO for SmoothGlue supported applications. Please refer to the appropriate guide for the application: