Description
Keycloak is an open-source identity and access management solution that provides SAML and OIDC (OpenID Connect) authentication. Integrating Keycloak with Artifactory provides robust authentication and authorization capabilities for managing access to your repositories. In this article, we'll guide you through the process of configuring Keycloak with Artifactory.
Prerequisites
Before getting started, ensure you have the following prerequisites:
- Keycloak server is up and running.
- Artifactory instance is installed and accessible.
- Administrative access to both Keycloak and Artifactory.
Follow the steps below to configure Artifactory with Keycloak as an OAuth SSO authentication provider.
Step 1: Configure Keycloak
1. Log in to Keycloak’s Administration Console

2. Select a desired realm or create a new one

3. Create a new Client (Client => Create Client)

4. Change the client type to “OpenID Connect”, choose a unique Client ID (e.g. “testoauth”), and click “Next”

5. After clicking “Next”, we will be directed to “Capability Config”, where we need to enable “Client Authentication”, “Standard Flow” and “Service accounts roles”. Then, click on the “Next” button to move forward

6. After clicking “Next”, we will be directed to “Login Settings”. We can enter http(s)://artURL:port/ui/login in “Home URL”, http(s)://artURL:port/artifactory/api/oauth2/loginResponse/* in “Valid redirect URIs” and /* in “Web origins”. Save the configuration to proceed further

7. After clicking “Save”, we will be presented with the newly created Client’s settings page. Navigate to the “Credentials” tab and copy the “Client Secret” (this will be used later as the “Secret” in Artifactory’s OAuth SSO configuration)

8. Now, go to “Realm settings” and click on “OpenID Endpoint Configuration”. This will redirect to a page that lists all the required endpoints to be used on the Artifactory’s OAuth SSO side

Step 2: Configure Artifactory
1. Log in as an Admin user, navigate to Administration Panel => Authentication Providers => OAuth SSO, and click on Create New Provider in the top right corner. You will be presented with the OAuth SSO Configuration page.
2. Enter “Provider Name” as KeyCloak, “Provider Type” as OpenID, “Client ID” as testoauth (the Client which we created in Keycloak), and in “Secret” paste the Client Secret which we copied from the “Credentials” tab (refer to step 7 of Step 1: Configure Keycloak)

3. Enter the following details and click on the Save option
Auth URL:
“https://keycloakURL:port/realms/<realm-name>/protocol/openid-connect/auth”
API URL:
“https://keycloakURL:port/realms/<realm-name>/protocol/openid-connect/userinfo”
Token URL:
“https://keycloakURL:port/realms/<realm-name>/protocol/openid-connect/token”

4. Now we have OAuth SSO (OpenID) configured with KeyCloak (OpenID). We can click the sign-in with “KeyCloak” button to log into Artifactory

5. After clicking on the “KeyCloak” button, you will be redirected to Keycloak’s login page. Enter the user credentials and you will be logged into Artifactory
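
The mapping from step 8 of Step 1 to step 3 of Step 2, as an added example that is not part of the original article or of Keycloak's or Artifactory's code: it reads a realm's OpenID Endpoint Configuration document and returns the three Artifactory URL fields, rejecting endpoints that are not https or not under the expected realm. The sample document, the hostname keycloak.example.com and the realm name demo are constructed placeholders.

```python
import json
from urllib.parse import urlparse

# Constructed sample of a realm's OpenID Endpoint Configuration document
# (hostname and realm name are placeholders, not values from the article).
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://keycloak.example.com:8443/realms/demo",
    "authorization_endpoint": "https://keycloak.example.com:8443/realms/demo/protocol/openid-connect/auth",
    "token_endpoint": "https://keycloak.example.com:8443/realms/demo/protocol/openid-connect/token",
    "userinfo_endpoint": "https://keycloak.example.com:8443/realms/demo/protocol/openid-connect/userinfo",
})

# Artifactory OAuth SSO field -> key in the discovery document
FIELD_MAP = {
    "Auth URL": "authorization_endpoint",
    "API URL": "userinfo_endpoint",
    "Token URL": "token_endpoint",
}

def artifactory_oauth_fields(discovery_json, realm):
    """Return the three Artifactory URL fields, or raise ValueError if the
    document does not belong to the expected realm or is not served over https."""
    doc = json.loads(discovery_json)
    issuer = doc.get("issuer", "").rstrip("/")
    if not issuer.endswith("/realms/" + realm):
        raise ValueError(f"issuer {issuer!r} is not realm {realm!r}")
    fields = {}
    for field, key in FIELD_MAP.items():
        url = doc.get(key)
        if not url:
            raise ValueError(f"discovery document has no {key}")
        if urlparse(url).scheme != "https":
            raise ValueError(f"{field} must use https: {url}")
        # Every endpoint must live under the same realm as the issuer.
        if not url.startswith(issuer + "/protocol/openid-connect/"):
            raise ValueError(f"{field} is outside the issuer's realm: {url}")
        fields[field] = url
    return fields

if __name__ == "__main__":
    for name, value in artifactory_oauth_fields(SAMPLE_DISCOVERY, "demo").items():
        print(f"{name}: {value}")
```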

Conclusion
Integrating Keycloak with Artifactory provides a robust solution for managing authentication and authorization in your software development environment. By following the steps outlined in this article, you can effectively configure Keycloak with Artifactory, ensuring secure access to your repositories while maintaining granular control over user permissions.