Keycloak

  1. Select/create a Realm and Client. Select a Client and visit Settings.
  2. Client Protocol: openid-connect
  3. Access Type: confidential
  4. Standard Flow Enabled: On
  5. Configure Valid Redirect URIs.
  6. Save.
  7. Visit Credentials. Select Client ID and Secret and note the generated secret.

OpenBao setup

Configure the auth plugin in OpenBao

bao write auth/oidc/config \
    oidc_client_id="${KEYCLOAK_CLIENT_ID}" \
    oidc_client_secret="${KEYCLOAK_CLIENT_SECRET}" \
    oidc_discovery_url="https://${KEYCLOAK_PUBLIC_URL}/auth/realms/${KEYCLOAK_REALM}"
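
A pre-flight check for the value passed as oidc_discovery_url, added here as an example (not OpenBao or Keycloak code): it checks that the provider metadata reports an issuer identical to the configured URL, as OIDC Discovery requires, and that the authorization code flow is advertised. The host keycloak.example.com, the realm demo and the sample metadata are constructed assumptions.

```python
import json
from urllib.parse import urlsplit

def metadata_url(oidc_discovery_url):
    # The provider metadata lives under the issuer at this well-known path.
    return oidc_discovery_url.rstrip("/") + "/.well-known/openid-configuration"

def check_discovery(oidc_discovery_url, document):
    """Return a list of problems found; an empty list means the checks passed."""
    problems = []
    if urlsplit(oidc_discovery_url).scheme != "https":
        problems.append("oidc_discovery_url is not https")
    meta = json.loads(document)
    # OIDC Discovery requires the reported issuer to be identical to the URL
    # the metadata was fetched under (path prefix and trailing slash included).
    if meta.get("issuer") != oidc_discovery_url:
        problems.append("issuer mismatch: provider reports %r" % meta.get("issuer"))
    # "Standard Flow Enabled" in Keycloak is the authorization code flow.
    if "code" not in meta.get("response_types_supported", []):
        problems.append("response type 'code' not advertised")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(str(meta.get(key, ""))).scheme != "https":
            problems.append(key + " missing or not https")
    return problems

# Constructed sample metadata (not captured from a real server): a realm
# served without the /auth path prefix.
SAMPLE = json.dumps({
    "issuer": "https://keycloak.example.com/realms/demo",
    "authorization_endpoint": "https://keycloak.example.com/realms/demo/protocol/openid-connect/auth",
    "token_endpoint": "https://keycloak.example.com/realms/demo/protocol/openid-connect/token",
    "jwks_uri": "https://keycloak.example.com/realms/demo/protocol/openid-connect/certs",
    "response_types_supported": ["code", "id_token", "token"],
})

if __name__ == "__main__":
    for url in ("https://keycloak.example.com/auth/realms/demo",
                "https://keycloak.example.com/realms/demo"):
        print(url, "->", check_discovery(url, SAMPLE) or "ok")
```

To use it against a live realm, fetch metadata_url(...) over HTTPS and pass the response body as the document argument.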