Mattermost SSO Configuration

note

SmoothGlue will automatically configure this client and application out of the box. This serves primarily as reference if opting out of the auto-SSO feature.

Prerequisites

• Ensure the Global SSO Settings have already been configured for this cluster.
• Access to Keycloak Master Realm

Create Keycloak Client

1. While you are in the smoothglue realm, click on Clients under Manage in the left pane.
2. Click Create client.
3. Enter client name mattermost for Client ID.
4. Click on the Next button.
5. Toggle on Client authentication.
6. Click on the Next button. Note: The application's FQDN name may be obtained by running kubectl get virtualservice -A
7. Enter https://{{ application_fqdn }}/signup/gitlab/complete for Valid Redirect URIs.
8. Click on the Save button.
9. Click on Client scopes tab.
10. Click on mattermost-dedicated.
11. Click on Add predefined mappers.
12. Enable username and email predefined mappers (some may be on the next page).
13. Click Add.

SSO Configuration

Retrieve the client_secret from the Keycloak client:

1. As a Keycloak Admin and within the smoothglue realm, click Clients on the left-hand panel.
2. Click on the mattermost client.
3. Click on the Credentials tab.
4. Copy the value from the Client Secret field.

Add the following values to bigbang-secrets.yaml to configure SSO:

# SSO Additions
addons:
  mattermost:
    sso:
      enabled: true
      client_id: mattermost # should match the client name in keycloakS
      client_secret: "" # Change to your Keycloak client secret

tip

The first user that logs in via SSO will become the default admin account for Mattermost.

It is recommended to use the console-initial-admin for this admin account when using SmoothGlue Console.

info

See How to Configure Big Bang Values for more information on configuring Big Bang applications.