How to configure Keycloak for access for AidboxUI

This guide shows how to set-up Keycloak identity provider with Aidbox

Create a realm

  • Click on the dropdown in the top-left corner where it says Master, then click on Create Realm\

    Keycloak Create Realm dropdown

  • Pul the name of your realm to the Realm name input

    Keycloak Realm name input

Create a client

  • Click the Clients menu item in the left sidebar
Keycloak Clients menu

  • Then click the Create client button\

    Keycloak Create client button

  • Enter the client data\

    Keycloak client configuration form

  • Check the Client authentication checkbox\

    Keycloak Client authentication checkbox

  • Add <aidbox-url>/auth/callback/keycloak to Valid redirect URIs field.\

    Keycloak Valid redirect URIs field

Create IdentityProvider in Aidbox

  • Open REST console in AidboxUI and create IdentityProvider resource
POST /IdentityProvider

scopes:
  - profile
  - openid
system: keycloak
authorize_endpoint: <keycloak-url>/realms/<your-realm>/protocol/openid-connect/auth
token_endpoint: <keycloak-url>/realms/<your-realm>/protocol/openid-connect/token
userinfo_endpoint: <keycloak-url>/realms/<your-realm>/protocol/openid-connect/userinfo
userinfo-source: id-token | userinfo-endpoint
client:
  id: <your client id>
  secret: <your client secret>
resourceType: IdentityProvider
title: Keycloak
active: true
id: keycloak

You can find client secret on Clients details page under Credentials tab

Keycloak Client credentials tab

Login into Aidbox

Go to your Aidbox base URL, you will be redirected to the login page - you should see "Log in with Keycloak" button. Press this button and log in with Keycloak user into aidbox. This user will be logged into Aidbox Console, but without any permissions. Read more in Access Control Section about permissions.