Authservice SSO Configuration
Prerequisites
- Ensure the Global SSO Settings have already been configured for this cluster.
- Access to Keycloak Master Realm
Create Keycloak Client
tip
If this client already exists due to it being configured for another cluster, consider adding the environment name as common prefix to the client name. For example, the client name could be my-org-run-authservice.
- While you are in the smoothgluerealm, click onClientsunderManagein the left pane.
- Click Create client.
- Enter client name authserviceforClient ID.
- Click on the Nextbutton.
- Toggle on Client authentication.
- Click on the Nextbutton. Note: The application's FQDN name may be obtained by runningkubectl get virtualservice -A
- Enter https://{{ application_fqdn }}/login/generic_oauthforValid Redirect URIs.
- Click on the Savebutton.
SSO Configuration
Retrieve the client_secret from the Keycloak client:
- As a Keycloak Admin and within the smoothgluerealm, clickClientson the left-hand panel.
- Click on the authserviceclient.
- Click on the Credentialstab.
- Copy the value from the Client Secretfield.
Add the following values to values.yaml to configure SSO:
sso:
  client_id: authservice # should match the client name in keycloak
  client_secret: ""
info
See How to Configure Big Bang Values for more information on configuring Big Bang applications.