docs: keycloak

pull/7575/head
Raju Udava 10 months ago
parent
commit
694f7e5eb9
  1. 1
      packages/noco-docs/docs/140.account-settings/040.authentication/010.overview.md
  2. 59
      packages/noco-docs/docs/140.account-settings/040.authentication/030.SAML-SSO/050.keycloak.md

1
packages/noco-docs/docs/140.account-settings/040.authentication/010.overview.md

@ -33,6 +33,7 @@ Please follow the details in the article below to integrate with various popular
2. [Auth0](SAML-SSO/auth0) 2. [Auth0](SAML-SSO/auth0)
3. [Ping Identity](SAML-SSO/ping-identity) 3. [Ping Identity](SAML-SSO/ping-identity)
4. [Active Directory](SAML-SSO/azure-ad) 4. [Active Directory](SAML-SSO/azure-ad)
5. [Keycloak](SAML-SSO/keycloak)
### OpenID Connect (OIDC) ### OpenID Connect (OIDC)
The OpenID Connect (OIDC) protocol is a modern authentication layer built on top of the OAuth 2.0 framework, designed to address user authentication and authorization challenges in web and mobile applications. OIDC provides a standardized and secure way for applications to verify the identity of end-users. Leveraging JSON Web Tokens (JWTs), OIDC enables the exchange of user identity information between the identity provider (IdP) and the Service provider, typically a web application. The OpenID Connect (OIDC) protocol is a modern authentication layer built on top of the OAuth 2.0 framework, designed to address user authentication and authorization challenges in web and mobile applications. OIDC provides a standardized and secure way for applications to verify the identity of end-users. Leveraging JSON Web Tokens (JWTs), OIDC enables the exchange of user identity information between the identity provider (IdP) and the Service provider, typically a web application.

59
packages/noco-docs/docs/140.account-settings/040.authentication/030.SAML-SSO/050.keycloak.md

@ -0,0 +1,59 @@
---
title: 'Keycloak'
description: 'Learn how to configure Keycloak as an identity provider for NocoDB.'
tags: ['SSO', 'Keycloak', 'SAML']
keywords: ['SSO', 'Keycloak', 'SAML', 'Authentication', 'Identity Provider']
---
This article briefs about the steps to configure Keycloak as Identity service provider for NocoDB
### NocoDB, Retrieve `SAML SSO` Configuration details
1. Go to `Account Settings`
2. Select `Authentication (SSO)`
3. Click on `New Provider` button
4. On the Popup modal, Specify a `Display name` for the provider; note that, this name will be used to display the provider on the login page
5. Retrieve `Redirect URL` & `Audience / Entity ID`; these information will be required to be configured later with the Identity Provider
![SAML SSO Configuration](/img/v2/account-settings/SSO-1.png)
![SAML SSO Configuration](/img/v2/account-settings/SAML-2.png)
![SAML SSO Configuration](/img/v2/account-settings/SAML-3.png)
### Keycloak, Configure NocoDB as an Application
1. Access your Keycloak account
- navigate to `Clients` menu
- select `Clients list` tab > Click `Create client` button.
2. In the `Create Client` modal, `General Settings` tab:
- Select `SAML` as the `Client type`
- Specify `Audience/Entity ID` retrieved from NocoDB as the `Client ID`
- Click `Next`
3. In the `Create Client` modal, `Login Settings` tab,
- Specify `Redirect URL` retrieved from NocoDB as the `Valid Redirect URIs`
- Specify `Redirect URL` retrieved from NocoDB as the `Valid post logout redirect URIs`
- Click `Save`
4. On the `Client details`, `Settings` tab,
- navigate to `SAML Capabilities` section
- Specify `Name ID format` as `email`
- Enable `Force Name ID Format` and `Force POST Binding`
- navigate to `Signature and Encryption` section
- Enable `Sign Assertions`
- Click `Save`
5. On the `Client details`, `Keys` tab,
- Disable `Signing keys config` > `Client Signature Required`
6. Navigate to `Realm Settings` > `Endpoints`
- Copy `SAML 2.0 Identity Provider Metadata` URL
### NocoDB, Configure Azure AD as an Identity Provider
1. Go to `Account Settings` > `Authentication` > `SAML`
2. Insert `Metadata URL` retrieved in step above; alternatively you can configure XML directly as well
3. `Save`
![SAML SSO Configuration](/img/v2/account-settings/SAML-4.png)
For Sign-in's, user should be able to now see `Sign in with <SSO>` option.
![SAML SSO Configuration](/img/v2/account-settings/SSO-SignIn.png)
:::note
Post sign-out, refresh page (for the first time) if you do not see `Sign in with <SSO>` option
:::
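
Review bot: The third section heading, `### NocoDB, Configure Azure AD as an Identity Provider`, appears to be carried over from the Azure AD page and should name Keycloak here. Step 5 disables `Signing keys config` > `Client Signature Required` with no explanation; add a sentence saying why it is needed and that Keycloak will then accept unsigned SAML requests for this client, so readers can weigh the setting. In the last section, "retrieved in step above" should name the `SAML 2.0 Identity Provider Metadata` URL copied in step 6 of the Keycloak section. The intro line's "Identity service provider" should read "identity provider" to match the front-matter description.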