Authentication with Keycloak
Keycloak is a standards-compliant OAuth 2.0 authorization server and a certified OpenID Connect provider.
The FintechOS built-in integration with Keycloak enables users to log in to the FintechOS Portal using Keycloak single sign-on (SSO).
How to Set Up Keycloak Authentication
Prerequisite:
Make sure that you know the following values from the Keycloak administration console:
- Client ID
- Client Secret
- Discovery Endpoint
In the web.config file, go to the <appSettings> section and add the configuration of your Keycloak setup:
<!-- 1. Set Keycloak authentication -->
<add key="EBSDefaultAuthentication" value="FTOSOIDC" />
<!-- 2. Replace these values with your Keycloak configuration: -->
<add key="openid-client-id" value="{ClientId}" />
<add key="openid-client-secret" value="{ClientSecret}" />
<add key="openid-discovery-endpoint" value="{DiscoveryEndpointUrl}" />
<add key="openid-callback-url" value="CallbackUrl" />
<!-- 3. Keycloak user role mapping settings: -->
<add key="membership-provider-connection-username" value="admintest" />
<add key="membership-provider-connection-secret" value="1234567" />
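The following is an added example, not FintechOS code: a pre-deployment check that parses the <appSettings> section and reports missing keys, unreplaced {placeholders}, and the sample connection username and secret shown above if they are still in use. The function name lint_app_settings, the sample hostnames, and the rule that both URLs must use https are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Keys and sample values are taken from the web.config snippet above.
REQUIRED = (
    "EBSDefaultAuthentication", "openid-client-id", "openid-client-secret",
    "openid-discovery-endpoint", "openid-callback-url",
    "membership-provider-connection-username",
    "membership-provider-connection-secret",
)
URL_KEYS = ("openid-discovery-endpoint", "openid-callback-url")
DOC_SAMPLES = {"membership-provider-connection-username": "admintest",
               "membership-provider-connection-secret": "1234567"}

def lint_app_settings(xml_text):
    """Return a list of findings for the <appSettings> section in xml_text."""
    root = ET.fromstring(xml_text)
    node = root if root.tag == "appSettings" else root.find(".//appSettings")
    if node is None:
        return ["appSettings: section not found"]
    settings = {a.get("key"): a.get("value", "") for a in node.findall("add")}
    findings = [f"{key}: missing" for key in REQUIRED if key not in settings]
    for key in REQUIRED:
        value = settings.get(key)
        if value is None:
            continue
        if not value or (value.startswith("{") and value.endswith("}")):
            findings.append(f"{key}: empty or unreplaced placeholder")
        elif key == "EBSDefaultAuthentication" and value != "FTOSOIDC":
            findings.append(f"{key}: expected FTOSOIDC")
        elif key in URL_KEYS and urlparse(value).scheme != "https":
            # Assumption of this example: both URLs must be served over TLS.
            findings.append(f"{key}: not an https URL")
        elif DOC_SAMPLES.get(key) == value:
            findings.append(f"{key}: documentation sample value still in use")
    return findings

# Constructed sample: hostnames and values are invented for illustration.
SAMPLE = """<configuration><appSettings>
  <add key="EBSDefaultAuthentication" value="FTOSOIDC" />
  <add key="openid-client-id" value="portal-client" />
  <add key="openid-client-secret" value="{ClientSecret}" />
  <add key="openid-discovery-endpoint" value="http://sso.example.test/discovery" />
  <add key="openid-callback-url" value="https://portal.example.test/callback" />
  <add key="membership-provider-connection-secret" value="1234567" />
</appSettings></configuration>"""

if __name__ == "__main__":
    for finding in lint_app_settings(SAMPLE):
        print(finding)
```

An empty list means every key from the snippet is present with a real value.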
How users log in to the FintechOS Portal
When accessing the FintechOS Portal, users who have a currently active Keycloak session are logged in automatically. Otherwise, they are shown the Keycloak single sign-on login page, where they use their Keycloak account credentials to log in to the FintechOS Portal.
FintechOS user account automatic synchronization
When a user logs in to FintechOS Portal using Keycloak single sign-on, the first name, last name, and email address stored in the corresponding FintechOS user account are updated automatically based on the Keycloak account settings.