
Overview

YOUnite supports two authentication mechanisms: SAML and OpenID Connect. This guide shows how to configure Keycloak with OpenID Connect to work with Open MDM. It does not cover installing Keycloak itself, only configuring it to work with YOUnite.

...

Each property is described in the comments below:

API Configuration

#
# OpenID Connect information. Only required if this authentication method is going to be used.
#
# openmdm.api.url = URL of the public endpoint for the Open MDM API. Required for the redirect after authentication is completed.
# oidc.discovery.document.url = URL of the discovery document containing the OpenID configuration
# oidc.client.id = Client ID
# oidc.client.secret = Client Secret
# oidc.scope = Scope to pass to the auth server. This typically contains openid and the SSO attribute we need, e.g. "openid email".
# oidc.sso.attribute = Attribute to map to the SSO ID in the system, for example email. This should be specified in the scope above.
# oidc.issuer = Expected value for the "issuer" of the OpenID token. Optional, but if specified it will be validated.
# oidc.successful.login.url = URL to send the user to when they successfully authenticate (such as the UI dashboard)


# local keycloak configuration
openmdm.api.url=https://openmdm.dev.ccctechcenter.org/api
oidc.discovery.document.url=http://localhost:8080/auth/realms/openmdm/.well-known/openid-configuration
oidc.client.id=openmdm
oidc.client.secret=d50e1d6c-ccec-40e8-84bd-b6b1df0d2d17
oidc.scope=openid email
oidc.sso.attribute=email
oidc.issuer=http://localhost:8080/auth/realms/openmdm
oidc.successful.login.url=https://openmdm.dev.ccctechcenter.org/dashboard
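
A consistency check for the properties above, as an added example (not YOUnite's or Keycloak's own code). It assumes the discovery document has already been fetched; the sample properties, the placeholder secret and the discovery JSON are constructed, and `parse_properties` and `check_oidc_config` are hypothetical helper names.

```python
import json

# Constructed sample mirroring the local Keycloak settings (secret is a placeholder).
SAMPLE_PROPERTIES = """\
oidc.discovery.document.url=http://localhost:8080/auth/realms/openmdm/.well-known/openid-configuration
oidc.client.id=openmdm
oidc.client.secret=<client-secret-placeholder>
oidc.scope=openid email
oidc.sso.attribute=email
oidc.issuer=http://localhost:8080/auth/realms/openmdm
"""
# Constructed discovery document, trimmed to the one field checked here.
SAMPLE_DISCOVERY = json.dumps({"issuer": "http://localhost:8080/auth/realms/openmdm"})
WELL_KNOWN = "/.well-known/openid-configuration"


def parse_properties(text):
    """Parse key=value lines, skipping blank lines and '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def check_oidc_config(props, discovery_json):
    """Return a list of findings; an empty list means the settings agree."""
    findings = []
    doc = json.loads(discovery_json)
    scopes = props.get("oidc.scope", "").split()
    issuer = props.get("oidc.issuer")
    disc_url = props.get("oidc.discovery.document.url", "")
    if "openid" not in scopes:
        findings.append("oidc.scope lacks 'openid'")
    # Rule from the property comments: the SSO attribute should be named in the scope.
    if props.get("oidc.sso.attribute") not in scopes:
        findings.append("oidc.sso.attribute is not requested in oidc.scope")
    if not issuer:
        findings.append("oidc.issuer unset: token issuer will not be validated")
    elif issuer != doc.get("issuer"):
        findings.append("oidc.issuer differs from the discovery document issuer")
    if not disc_url.endswith(WELL_KNOWN):
        findings.append("discovery URL does not end in " + WELL_KNOWN)
    elif issuer and disc_url[: -len(WELL_KNOWN)] != issuer:
        findings.append("discovery URL is not located under oidc.issuer")
    return findings
```

Calling `check_oidc_config(parse_properties(SAMPLE_PROPERTIES), SAMPLE_DISCOVERY)` returns an empty list; a port mismatch between `oidc.issuer` and the discovery URL shows up as a finding.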


UI Configuration

The SSO URL in the UI must be updated to point to the new authentication endpoint, which is /api/openid/login

...