Single Sign-On (SSO)

Metaport is ready for use with Keycloak, an excellent Open Source IAM platform which supports dozens of authentication backends, protocols and authentication flows.

Metaport is Keycloak-ready for OAuth/OIDC using the following configuration.

Environment Variables

The following variables can be seen in use in the .env.example file available from the GitLab repository, and are reproduced here with terse comments.

  • KEYCLOAK_URL The fully qualified URL of your Keycloak server, including scheme and port, e.g. KEYCLOAK_URL=http://192.168.1.244:18080.
  • KEYCLOAK_REALM Keycloak permits segmented authentication boundaries. The default realm is "master", e.g. KEYCLOAK_REALM=master.
  • KEYCLOAK_CLIENT_ID Within a realm, a virtual client is configured to act on behalf of an app, or collection of apps, e.g. KEYCLOAK_CLIENT_ID=metaport.
  • KEYCLOAK_CLIENT_SECRET This is generated for you by Keycloak upon creating a client, e.g. KEYCLOAK_CLIENT_SECRET=ot7cLnLMNboGWGp0MkWjTWEL1ff7F0a9.
  • KEYCLOAK_REDIRECT_URI This is the fully qualified URL to which the Keycloak client should redirect users when logging them in, e.g. KEYCLOAK_REDIRECT_URI=https://metaport.mydomain.com/oauth/callback.

Tip

Review the development docs to see an example Keycloak client setup that talks to an OpenLDAP server.

Note

Setting the KEYCLOAK_REALM environment variable signals Metaport to hide the registration form, even if the REGISTRATION_ENABLED variable is also set.
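
A pre-deployment check for the variables listed above, as an added example that is not part of Metaport's own code: it parses a .env file and flags missing values, URLs without a scheme, plain http to a non-loopback host, reuse of the secret printed on this page, and the REGISTRATION_ENABLED interaction described in the note. The function names, the loopback exemption and the treatment of any non-empty REGISTRATION_ENABLED value as "set" are assumptions of this example.

```python
from urllib.parse import urlsplit

REQUIRED = ("KEYCLOAK_URL", "KEYCLOAK_REALM", "KEYCLOAK_CLIENT_ID",
            "KEYCLOAK_CLIENT_SECRET", "KEYCLOAK_REDIRECT_URI")
# Example secret printed on this page; it must never reach a deployment.
DOC_SECRET = "ot7cLnLMNboGWGp0MkWjTWEL1ff7F0a9"


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("\"'")
    return env


def check_keycloak_env(env):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = [f"{k} is missing or empty" for k in REQUIRED if not env.get(k)]
    for key in filter(env.get, ("KEYCLOAK_URL", "KEYCLOAK_REDIRECT_URI")):
        url = urlsplit(env[key])
        if url.scheme not in ("http", "https") or not url.hostname:
            findings.append(f"{key} must include a scheme and host")
        elif url.scheme == "http" and url.hostname not in ("localhost", "127.0.0.1"):
            findings.append(f"{key} uses plain http, so OAuth traffic is unencrypted")
    if env.get("KEYCLOAK_CLIENT_SECRET") == DOC_SECRET:
        findings.append("KEYCLOAK_CLIENT_SECRET is the example value from the docs")
    # Assumption: any non-empty REGISTRATION_ENABLED value counts as "set".
    if env.get("KEYCLOAK_REALM") and env.get("REGISTRATION_ENABLED"):
        findings.append("registration form stays hidden: KEYCLOAK_REALM overrides REGISTRATION_ENABLED")
    return findings


# Constructed sample .env assembled from the example values on this page.
SAMPLE_ENV = """\
KEYCLOAK_URL=http://192.168.1.244:18080
KEYCLOAK_REALM=master
KEYCLOAK_CLIENT_ID=metaport
KEYCLOAK_CLIENT_SECRET=ot7cLnLMNboGWGp0MkWjTWEL1ff7F0a9
KEYCLOAK_REDIRECT_URI=https://metaport.mydomain.com/oauth/callback
REGISTRATION_ENABLED=true
"""

if __name__ == "__main__":
    for finding in check_keycloak_env(parse_env(SAMPLE_ENV)):
        print("WARN:", finding)
```

Run against the sample, it reports the http Keycloak URL, the documented secret and the overridden registration setting; a non-empty result can be used to fail a deployment pipeline.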