Skip to main content
Version: Next

Single Sign-On (SSO)

As a SmoothGlue Enterprise administrator (admin), you can set up authentication and authorization with username and password or configure single sign-on (SSO) for any of the applications (apps). There are several SSO solutions you can choose from, based on your organizational requirements and use case. This document is a quick-reference guide on how to configure SSO using Keycloak as an SSO solution.

SmoothGlue SSO Automation

SmoothGlue has an opt-in feature for automatically configuring SSO for a majority of the applications supported by SmoothGlue. Please see the Automated Single Sign-On (SSO) guide for more information on what is included in the automation and how to enable/configure the automation.

Logging in to Keycloak

The Admin username along with a randomly generated password can be retrieved from the cluster. They are stored in the keycloak-env Kubernetes secret in the keycloak namespace. Use these to log into Keycloak master realm by visiting https://{{keycloak_fqdn}}/auth/admin.

tip

Keycloak's fully qualified domain name can be retrieved from the HOSTS field in SmoothGlue Build cluster by running the following command:

kubectl get virtualservice -n keycloak

Global SSO Settings

SmoothGlue Build environments will configure the global SSO settings automatically as a SmoothGlue Build environment comes with Keycloak. However, for SmoothGlue Run environments, a System Integrator will need to configure the environment with details about where Keycloak lives.

The following should be placed in the SmoothGlue Run environment's bigbang-values.yaml:

# Global SSO Settings
sso:
  url: https://{{keycloak_fqdn}}/auth/realms/smoothglue

  # Optional; only required for non-publically trusted or self-signed certificates
  certificateAuthority:
    # SSO CA cert for Keycloak
    cert: |
      -----BEGIN CERTIFICATE-----
      ...
      -----END CERTIFICATE-----
info

See How to Configure Big Bang Values for more information on configuring Big Bang applications.

Step-by-step SSO Instructions

SmoothGlue documents step-by-step instructions for configuring SSO for SmoothGlue supported applications. Please refer to the appropriate guide for the application: