
Configuring an External Keycloak


SEAL Systems products use Keycloak as the standard identity provider. Keycloak contains various client configurations for PLOSSYS Output Engine and SEAL Operator.

If you prefer to use an external Keycloak, you have to configure it to work with SEAL Systems products.


Preparation

  1. Install Keycloak.

  2. Get a private key/certificate pair from your system administration.


Adding the SEAL Realm

  1. In your Web browser, open the Keycloak Administration Console.

  2. Log on with your user name and password.

  3. Open the Manage realms menu on the left.

    [Screenshot: Create realm]

  4. Open the Create realm dialog.

  5. In the Create realm dialog, enter SEAL as realm name and confirm with Create.

    [Screenshot: Create realm dialog]


Adding a Key/Certificate Pair

  1. In the list, select the SEAL realm.

  2. In the Realm settings menu on the left, select the Keys tab and then the Add providers tab.

    [Screenshot: Realm settings, Add providers tab]

  3. Open the Add provider dialog and select rsa as keystore type.

  4. In the new dialog, add the new key/certificate pair by entering the required data:

    • Enter the name of the provider.

    • Select a priority higher than 100.

    • Upload both the key file and the certificate file.

    [Screenshot: Add key/certificate pair]

  5. Save the settings.


Adding SEAL Clients

  1. Select the Clients menu item and configure the clients for the created SEAL realm in the identity provider. When you are finished, the client list has to look like this:

    [Screenshot: Client list]

    1. easyPRIMA:

      1. Create an easyPRIMA client entry by clicking on Create in the upper right corner of the client list and enter seal-easyprima as client ID. Confirm with Save.

      2. Enter the client configuration data as shown in the picture below:

        [Screenshot: easyPRIMA client configuration]

    2. PLOSSYS Administrator:

      1. Create a PLOSSYS Administrator client entry by clicking on Create in the upper right corner of the client list and enter seal-plossysadmin as client ID. Confirm with Save.

      2. Enter the client configuration data as shown in the picture below, but replace localhost with the real PLOSSYS Output Engine host name.

        [Screenshot: seal-plossysadmin client configuration]

    3. PLOSSYS CLI:

      1. Create a PLOSSYS CLI client entry by clicking on Create in the upper right corner of the client list and enter seal-plossyscli as client ID. Confirm with Save.

      2. Enter the client configuration data as shown in the picture below:

        [Screenshot: seal-plossyscli client configuration]

    4. PLOSSYS DocPrint:

      1. Create a PLOSSYS DocPrint client entry by clicking on Create in the upper right corner of the client list and enter seal-mobile-print as client ID. Confirm with Save.

      2. Enter the client configuration data as shown in the picture below:

        [Screenshot: seal-mobile-print client configuration]

    5. SEAL OP-CLI:

      1. Create a SEAL OP-CLI client entry by clicking on Create in the upper right corner of the client list and enter seal-opcli as client ID. Confirm with Save.

      2. Enter the client configuration data as shown in the picture below:

        [Screenshot: SEAL OP-CLI client configuration]

    6. SEAL Operator:

      1. Create an Operator client entry by clicking on Create in the upper right corner of the client list and enter operator as client ID. Confirm with Save.

      2. Enter the client configuration data as shown in the picture below:

        [Screenshot: operator client configuration]

  2. Provide the following data to set up SEAL Operator and PLOSSYS Output Engine clients:

    • issuer URL

    • issuer name

    • all client IDs

    • all client secrets

    Usually you do this part of the configuration using environment variables on the client side. You will find an example in Configuring Other Identity Providers.
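
The following is an added example, not SEAL Systems or Keycloak code: it checks a realm export against the settings named on this page (realm SEAL, the six client IDs, no leftover localhost in seal-plossysadmin, an rsa key provider with a priority above 100). It assumes the export is in Keycloak's JSON realm representation and contains the clients and components sections; audit_realm, EXPECTED_CLIENTS and the sample data are hypothetical names and constructed values.

```python
import json

# Client IDs this page asks you to create in the SEAL realm.
EXPECTED_CLIENTS = {"seal-easyprima", "seal-plossysadmin", "seal-plossyscli",
                    "seal-mobile-print", "seal-opcli", "operator"}

def audit_realm(export):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if export.get("realm") != "SEAL":
        findings.append(f"realm name is {export.get('realm')!r}, expected 'SEAL'")
    clients = {c.get("clientId"): c for c in export.get("clients", [])}
    for missing in sorted(EXPECTED_CLIENTS - clients.keys()):
        findings.append(f"client {missing} is missing")

    # The page says to replace localhost with the real PLOSSYS Output Engine host.
    admin = clients.get("seal-plossysadmin", {})
    urls = [admin.get("rootUrl"), admin.get("baseUrl"), admin.get("adminUrl"),
            *admin.get("redirectUris", []), *admin.get("webOrigins", [])]
    for url in urls:
        if url and "localhost" in url:
            findings.append(f"seal-plossysadmin still points at localhost: {url}")

    # The uploaded pair is an "rsa" key provider; its priority must exceed 100.
    providers = export.get("components", {}).get("org.keycloak.keys.KeyProvider", [])
    uploaded = [p for p in providers if p.get("providerId") == "rsa"]
    if not uploaded:
        findings.append("no uploaded rsa key provider found")
    for p in uploaded:
        priority = int(p.get("config", {}).get("priority", ["0"])[0])
        if priority <= 100:
            findings.append(f"key provider {p.get('name')}: priority {priority}, need > 100")
    return findings

# Constructed sample export with three deliberate mistakes (not real data).
SAMPLE = json.loads("""
{"realm": "SEAL",
 "clients": [
   {"clientId": "seal-easyprima"}, {"clientId": "seal-plossyscli"},
   {"clientId": "seal-mobile-print"}, {"clientId": "operator"},
   {"clientId": "seal-plossysadmin", "redirectUris": ["https://localhost/*"]}],
 "components": {"org.keycloak.keys.KeyProvider": [
   {"name": "rsa-generated", "providerId": "rsa-generated", "config": {"priority": ["100"]}},
   {"name": "company-cert", "providerId": "rsa", "config": {"priority": ["100"]}}]}}
""")

if __name__ == "__main__":
    for finding in audit_realm(SAMPLE):
        print("FINDING:", finding)
```

Exports contain client secrets and may contain private key material, so treat the export file as sensitive and delete it after the check.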

