
Keycloak Initial Setup (Optional)


note

If you don't have an SSO configuration in place, use Keycloak SSO instead. The following steps outline how to proceed.

To start using Keycloak as your SSO provider, complete the following steps:

  • Create a realm.
  • Create a client.
  • Create a role.
  • Create at least one user.

1. Create a Realm

1.1. Click on the realms dropdown menu, and then click Create realm.

Create Realm step one

1.2. Specify the realm name: you can use any name, for example codetogether.

1.3. Click Create.

Create Realm final step

2. Create a Client

note

You must select the realm you just created from the realms dropdown before continuing.

2.2. In the left-hand panel, click Clients, then click Create client.

Create Client

2.3. Specify the client ID: it can be any name, but as a best practice, use the same name as the realm — for example, codetogether — and click Next.

Create Client – General Settings Step

2.4. In the Capability Config section:

  • Client authentication: On
  • Authentication flow: Enable Standard flow and Direct access grants

Then click Next.

Create Client – Capability Config Step

2.5. In Login Settings, add the following:

  • Valid Redirect URIs: Enter the URI that users will be redirected to after a successful login.

    Example: https://test.edge.codetogether.com/api/v1/auth/sso/success/insights

  • Valid Post Logout Redirect URIs: Enter the URI users will be redirected to after logging out. Wildcards are allowed.

    Example: https://test.edge.codetogether.com/*

  • Web Origins: Define which origins are allowed for CORS. This should match your application domain (without any path).

    Example: https://test.edge.codetogether.com

note

Make sure these values match what you’ve configured in your cthq.properties file.

Create Client – Login Settings Step

2.6. Click Save.
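A check for the client created in step 2, as an added example that is not part of the original guide: it audits an exported client JSON against the settings listed above. The field names are assumed to follow Keycloak's client representation format; `audit_client`, `origin` and the sample data are constructed for illustration.

```python
from urllib.parse import urlsplit

APP_ORIGIN = "https://test.edge.codetogether.com"  # this page's example domain

# Constructed sample: a client export that uses this page's example values.
SAMPLE_CLIENT = {
    "clientId": "codetogether",
    "publicClient": False,  # Client authentication: On
    "standardFlowEnabled": True,
    "directAccessGrantsEnabled": True,
    "redirectUris": [APP_ORIGIN + "/api/v1/auth/sso/success/insights"],
    "webOrigins": [APP_ORIGIN],
    "attributes": {"post.logout.redirect.uris": APP_ORIGIN + "/*"},
}

def origin(uri):
    """Return scheme://host[:port] of a URI, without any path."""
    parts = urlsplit(uri)
    return f"{parts.scheme}://{parts.netloc}"

def audit_client(client, app_origin):
    """Return a list of findings; an empty list means the client matches step 2."""
    findings = []
    if client.get("publicClient", True):
        findings.append("Client authentication is Off (public client)")
    for flag in ("standardFlowEnabled", "directAccessGrantsEnabled"):
        if not client.get(flag, False):
            findings.append(f"{flag} is not enabled")
    for uri in client.get("redirectUris", []):
        if "*" in uri:
            findings.append(f"redirect URI contains a wildcard: {uri}")
        if origin(uri) != app_origin:
            findings.append(f"redirect URI is outside {app_origin}: {uri}")
    logout = client.get("attributes", {}).get("post.logout.redirect.uris", "")
    for uri in filter(None, logout.split("##")):  # entries are joined with "##"
        # Wildcards are allowed here, but only as a path suffix on the app origin.
        if origin(uri) != app_origin or "*" in uri.rstrip("*"):
            findings.append(f"post-logout URI not confined to {app_origin}: {uri}")
    for web_origin in client.get("webOrigins", []):
        if web_origin != app_origin:  # must be the bare origin, no path, no "*"
            findings.append(f"web origin should be exactly {app_origin}: {web_origin}")
    return findings

if __name__ == "__main__":
    for finding in audit_client(SAMPLE_CLIENT, APP_ORIGIN) or ["client matches step 2"]:
        print(finding)
```

Run it against the exported client and compare the same URIs with the values in your cthq.properties file.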


3. Create a Role

3.1. In the left-hand panel, click Realm roles, then click Create role.

Create Role

3.2. Specify the role name: cthq_user.

Create Role final step

3.3. Click Save.

Create Role Result

4. Create a User

note

This setup does not include email verification because an email server has not been configured. As a result, each user must have a password manually set.

The final step is to create a user account for each CodeTogether HQ user:

4.1. In the left-hand panel, click Users, then click Add user.

Create User Section

4.2. Fill in the required fields:

  • Username
  • Email
  • Set Email verified to On

Create User Fields Step

Then click Create.

Create User Result

4.3. Switch to the Credentials tab and click Set password.

Create User Set Password Step

4.4. Enter the desired password. Set Temporary to Off.

Create User Password

Then click Save.


4.5. Switch to the Role Mappings tab.

Create User Role Mapping

4.6. Click Assign role, select the cthq_user role, then click Assign.

Create User Assign Role

You should now see the assigned role under Assigned Roles.

Created User Assign Role