mirror of https://github.com/nocodb/nocodb
Raju Udava
10 months ago
2 changed files with 60 additions and 0 deletions
@ -0,0 +1,59 @@ |
|||||||
|
--- |
||||||
|
title: 'Keycloak' |
||||||
|
description: 'Learn how to configure Keycloak as an identity provider for NocoDB.' |
||||||
|
tags: ['SSO', 'Keycloak', 'SAML'] |
||||||
|
keywords: ['SSO', 'Keycloak', 'SAML', 'Authentication', 'Identity Provider'] |
||||||
|
--- |
||||||
|
|
||||||
|
This article briefs about the steps to configure Keycloak as Identity service provider for NocoDB |
||||||
|
|
||||||
|
### NocoDB, Retrieve `SAML SSO` Configuration details |
||||||
|
1. Go to `Account Settings` |
||||||
|
2. Select `Authentication (SSO)` |
||||||
|
3. Click on `New Provider` button |
||||||
|
4. On the Popup modal, Specify a `Display name` for the provider; note that, this name will be used to display the provider on the login page |
||||||
|
5. Retrieve `Redirect URL` & `Audience / Entity ID`; these information will be required to be configured later with the Identity Provider |
||||||
|
|
||||||
|
![SAML SSO Configuration](/img/v2/account-settings/SSO-1.png) |
||||||
|
![SAML SSO Configuration](/img/v2/account-settings/SAML-2.png) |
||||||
|
![SAML SSO Configuration](/img/v2/account-settings/SAML-3.png) |
||||||
|
|
||||||
|
|
||||||
|
### Keycloak, Configure NocoDB as an Application |
||||||
|
1. Access your Keycloak account |
||||||
|
- navigate to `Clients` menu |
||||||
|
- select `Clients list` tab > Click `Create client` button. |
||||||
|
2. In the `Create Client` modal, `General Settings` tab: |
||||||
|
- Select `SAML` as the `Client type` |
||||||
|
- Specify `Audience/Entity ID` retrieved from NocoDB as the `Client ID` |
||||||
|
- Click `Next` |
||||||
|
3. In the `Create Client` modal, `Login Settings` tab, |
||||||
|
- Specify `Redirect URL` retrieved from NocoDB as the `Valid Redirect URIs` |
||||||
|
- Specify `Redirect URL` retrieved from NocoDB as the `Valid post logout redirect URIs` |
||||||
|
- Click `Save` |
||||||
|
4. On the `Client details`, `Settings` tab, |
||||||
|
- navigate to `SAML Capabilities` section |
||||||
|
- Specify `Name ID format` as `email` |
||||||
|
- Enable `Force Name ID Format` and `Force POST Binding` |
||||||
|
- navigate to `Signature and Encryption` section |
||||||
|
- Enable `Sign Assertions` |
||||||
|
- Click `Save` |
||||||
|
5. On the `Client details`, `Keys` tab, |
||||||
|
- Disable `Signing keys config` > `Client Signature Required` |
||||||
|
6. Navigate to `Realm Settings` > `Endpoints` |
||||||
|
- Copy `SAML 2.0 Identity Provider Metadata` URL |
||||||
|
|
||||||
|
### NocoDB, Configure Azure AD as an Identity Provider |
||||||
|
1. Go to `Account Settings` > `Authentication` > `SAML` |
||||||
|
2. Insert `Metadata URL` retrieved in step above; alternatively you can configure XML directly as well |
||||||
|
3. `Save` |
||||||
|
|
||||||
|
![SAML SSO Configuration](/img/v2/account-settings/SAML-4.png) |
||||||
|
|
||||||
|
For Sign-in's, user should be able to now see `Sign in with <SSO>` option. |
||||||
|
|
||||||
|
![SAML SSO Configuration](/img/v2/account-settings/SSO-SignIn.png) |
||||||
|
|
||||||
|
:::note |
||||||
|
Post sign-out, refresh page (for the first time) if you do not see `Sign in with <SSO>` option |
||||||
|
::: |
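Review bot: The third section heading, `### NocoDB, Configure Azure AD as an Identity Provider`, looks carried over from the Azure AD guide; this page is about Keycloak, so it should read `### NocoDB, Configure Keycloak as an Identity Provider`. In the Keycloak section, step 5 disables `Client Signature Required` with no explanation. That setting controls whether Keycloak expects signed SAML requests from the client, so a sentence saying whether NocoDB needs it off or it is only a convenience would let readers judge the trade-off. In the last section, `Insert Metadata URL retrieved in step above` would be clearer if it named the step (step 6 of the Keycloak section). The intro line calls Keycloak an "Identity service provider" while the front matter says "identity provider"; using one term avoids confusion with the SAML service provider role, which is NocoDB here.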