Installing and configuring the Web Single Sign-On (Keycloak)

This section covers configurations specific to the use of Keycloak with IMPACT IoT which are not covered in the standard Keycloak documentation.

For standard Keycloak configurations, contact Nokia support.

Use the following steps to install Web Single Sign-On (Keycloak).
  1. Download the Web Single Sign-On (Keycloak) helm chart impact-ckey-2202.0.0.tgz.

    For example: wget https://repo3.cci.nokia.net/artifactory/cd-helm-candidates/impact-ckey-2202.0.0.tgz

  2. Extract the Web Single Sign-On (Keycloak) helm chart.

    For example: tar -xvf impact-ckey-2202.0.0.tgz

  3. Copy the values.yaml file.

    For example: cp impact-ckey/values.yaml deploykeycloak-values.yaml

  4. Update the deploykeycloak-values.yaml file: comment or uncomment the image repo section to match the deployment, for example, Oracle or MariaDB.

    Update the ingress section for a non-SSL deployment, and update the hostname as required.

  5. Install the helm chart.

    For example: helm3 install impact-ckey impact-ckey-2202.0.0.tgz -f deploykeycloak-values.yaml --timeout 600s

  6. After the Keycloak pods are up and running, access the Keycloak management page.

    For example: http://<hostname>/auth

    Note: The default username is admin, and the default password can be changed in the override values file.

    Note: IMPACT IoT bundles the password policy and Oracle drivers in the Web Single Sign-On (Keycloak). Nokia recommends using the out-of-the-box Web Single Sign-On (Keycloak) software.

    For example: impact-ckey-2202.0.0.tgz

Edit the following properties in the deploy.yaml file to enable or disable SSL:

Table 1. Properties to be configured in deploy.yaml file
Properties                                       To enable SSL                                To disable SSL
proxyAddressForwarding                           "True"                                       "True"
masterRealmConfigurationJob                      "False"                                      "False"
storageClass                                     cinder-az-nova                               cinder-az-nova
keycloakServicePort                              8443                                         8080
annotations
  nginx.ingress.kubernetes.io/ssl-redirect       "True"                                       "False"
  ingress.citm.nokia.com/sticky-route-services   "$cookie_JSESSIONID|JSESSIONID ip_cookie"    "$cookie_JSESSIONID|JSESSIONID ip_cookie"
  nginx.ingress.kubernetes.io/ssl-passthrough    "True"                                       "False"
  nginx.ingress.kubernetes.io/secure-backends    True                                         False
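
The following check is an added example, not part of the Nokia documentation or the helm chart. It verifies that the four properties whose values differ between the two columns of Table 1 all belong to the same mode, so that a deploy.yaml with, for instance, port 8443 but ssl-redirect still set to "False" is flagged before installation. It assumes the properties appear as plain key: value lines; the nesting and contents of the sample file are constructed.

```python
import re

# Per-mode values copied from Table 1 (compared case-insensitively, quotes stripped).
# Assumption: each property is written as a plain "key: value" line in deploy.yaml.
TABLE_1 = {
    "keycloakServicePort": {"ssl": "8443", "non-ssl": "8080"},
    "nginx.ingress.kubernetes.io/ssl-redirect": {"ssl": "true", "non-ssl": "false"},
    "nginx.ingress.kubernetes.io/ssl-passthrough": {"ssl": "true", "non-ssl": "false"},
    "nginx.ingress.kubernetes.io/secure-backends": {"ssl": "true", "non-ssl": "false"},
}
KEY_VALUE = re.compile(r"^\s*([\w./-]+)\s*:\s*(.*?)\s*(?:#.*)?$")

def read_settings(text):
    """Collect the Table 1 keys from 'key: value' lines at any nesting depth."""
    found = {}
    for line in text.splitlines():
        m = KEY_VALUE.match(line)  # commented-out lines do not match
        if m and m.group(1) in TABLE_1:
            found[m.group(1)] = m.group(2).strip("\"'").lower()
    return found

def check_ssl_mode(text):
    """Return (mode, problems); mode is 'ssl', 'non-ssl' or 'inconsistent'."""
    found = read_settings(text)
    problems = [f"missing: {key}" for key in TABLE_1 if key not in found]
    modes = set()
    for key, value in found.items():
        hits = [mode for mode, want in TABLE_1[key].items() if want == value]
        if hits:
            modes.add(hits[0])
        else:
            problems.append(f"unexpected value for {key}: {value!r}")
    if len(modes) > 1:
        problems.append("SSL and non-SSL values are mixed")
    if problems or not modes:
        return "inconsistent", problems
    return modes.pop(), problems

# Constructed sample: port switched to 8443 but ssl-redirect left at "False".
SAMPLE = """\
keycloakServicePort: 8443
ingress:
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "False"   # not updated
    nginx.ingress.kubernetes.io/ssl-passthrough: "True"
    nginx.ingress.kubernetes.io/secure-backends: True
"""
if __name__ == "__main__":
    print(check_ssl_mode(SAMPLE))
```

To check a real file, pass its contents to check_ssl_mode(); a result of 'ssl' or 'non-ssl' with an empty problem list means the four properties agree with one column of Table 1.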