mirror of https://github.com/nocodb/nocodb
Raju Udava
9 months ago
2 changed files with 60 additions and 0 deletions
@ -0,0 +1,59 @@
|
||||
--- |
||||
title: 'Keycloak' |
||||
description: 'Learn how to configure Keycloak as an identity provider for NocoDB.' |
||||
tags: ['SSO', 'Keycloak', 'SAML'] |
||||
keywords: ['SSO', 'Keycloak', 'SAML', 'Authentication', 'Identity Provider'] |
||||
--- |
||||
|
||||
This article briefs about the steps to configure Keycloak as Identity service provider for NocoDB |
||||
|
||||
### NocoDB, Retrieve `SAML SSO` Configuration details |
||||
1. Go to `Account Settings` |
||||
2. Select `Authentication (SSO)` |
||||
3. Click on `New Provider` button |
||||
4. On the Popup modal, Specify a `Display name` for the provider; note that, this name will be used to display the provider on the login page |
||||
5. Retrieve `Redirect URL` & `Audience / Entity ID`; these information will be required to be configured later with the Identity Provider |
||||
|
||||
![SAML SSO Configuration](/img/v2/account-settings/SSO-1.png) |
||||
![SAML SSO Configuration](/img/v2/account-settings/SAML-2.png) |
||||
![SAML SSO Configuration](/img/v2/account-settings/SAML-3.png) |
||||
|
||||
|
||||
### Keycloak, Configure NocoDB as an Application |
||||
1. Access your Keycloak account |
||||
- navigate to `Clients` menu |
||||
- select `Clients list` tab > Click `Create client` button. |
||||
2. In the `Create Client` modal, `General Settings` tab: |
||||
- Select `SAML` as the `Client type` |
||||
- Specify `Audience/Entity ID` retrieved from NocoDB as the `Client ID` |
||||
- Click `Next` |
||||
3. In the `Create Client` modal, `Login Settings` tab, |
||||
- Specify `Redirect URL` retrieved from NocoDB as the `Valid Redirect URIs` |
||||
- Specify `Redirect URL` retrieved from NocoDB as the `Valid post logout redirect URIs` |
||||
- Click `Save` |
||||
4. On the `Client details`, `Settings` tab, |
||||
- navigate to `SAML Capabilities` section |
||||
- Specify `Name ID format` as `email` |
||||
- Enable `Force Name ID Format` and `Force POST Binding` |
||||
- navigate to `Signature and Encryption` section |
||||
- Enable `Sign Assertions` |
||||
- Click `Save` |
||||
5. On the `Client details`, `Keys` tab, |
||||
- Disable `Signing keys config` > `Client Signature Required` |
||||
6. Navigate to `Realm Settings` > `Endpoints` |
||||
- Copy `SAML 2.0 Identity Provider Metadata` URL |
||||
|
||||
### NocoDB, Configure Azure AD as an Identity Provider |
||||
1. Go to `Account Settings` > `Authentication` > `SAML` |
||||
2. Insert `Metadata URL` retrieved in step above; alternatively you can configure XML directly as well |
||||
3. `Save` |
||||
|
||||
![SAML SSO Configuration](/img/v2/account-settings/SAML-4.png) |
||||
|
||||
For Sign-in's, user should be able to now see `Sign in with <SSO>` option. |
||||
|
||||
![SAML SSO Configuration](/img/v2/account-settings/SSO-SignIn.png) |
||||
|
||||
:::note |
||||
Post sign-out, refresh page (for the first time) if you do not see `Sign in with <SSO>` option |
||||
::: |
Loading…
Reference in new issue