Keycloak
- Select/create a Realm and Client. Select a Client and visit Settings.
- Client Protocol: openid-connect
- Access Type: confidential
- Standard Flow Enabled: On
- Configure Valid Redirect URIs.
- Save.
- Visit Credentials. Select Client ID and Secret and note the generated secret.
OpenBao setup
Configure the auth plugin in OpenBao:

```shell
bao write auth/oidc/config \
    oidc_client_id="${KEYCLOAK_CLIENT_ID}" \
    oidc_client_secret="${KEYCLOAK_CLIENT_SECRET}" \
    oidc_discovery_url="https://${KEYCLOAK_PUBLIC_URL}/auth/realms/${KEYCLOAK_REALM}"
```
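A pre-flight check for the `oidc_discovery_url` value above, as an added example that is not part of the original page or the OpenBao project. OIDC Discovery requires the `issuer` in the provider's discovery document to match the configured URL exactly, so the function flags issuer mismatches, non-https endpoints, and a missing `code` response type (Standard Flow). The function names, hostname and realm are assumptions made for illustration.

```python
import json
import sys
import urllib.request

REQUIRED_ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

def check_discovery(configured_url, doc):
    """Return a list of problems with an OIDC discovery document."""
    problems = []
    if not configured_url.startswith("https://"):
        problems.append("oidc_discovery_url is not https")
    issuer = doc.get("issuer")
    # OIDC Discovery requires the issuer to match the configured URL exactly.
    if issuer != configured_url:
        hint = ""
        if str(issuer).rstrip("/") == configured_url.rstrip("/"):
            hint = " (trailing slash differs)"
        problems.append(f"issuer {issuer!r} != {configured_url!r}{hint}")
    for key in REQUIRED_ENDPOINTS:
        if not str(doc.get(key, "")).startswith("https://"):
            problems.append(f"{key} missing or not https")
    # Keycloak's "Standard Flow" is the authorization code flow.
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response type 'code' not advertised")
    return problems

def fetch_discovery(configured_url, timeout=10):
    """Fetch the discovery document, over https only."""
    if not configured_url.startswith("https://"):
        raise ValueError("refusing to fetch a non-https discovery URL")
    url = configured_url.rstrip("/") + "/.well-known/openid-configuration"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)

# Constructed sample: hostname and realm are placeholders, not real values.
SAMPLE_URL = "https://keycloak.example.com/auth/realms/demo"
SAMPLE_DOC = {
    "issuer": SAMPLE_URL,
    "authorization_endpoint": SAMPLE_URL + "/protocol/openid-connect/auth",
    "token_endpoint": SAMPLE_URL + "/protocol/openid-connect/token",
    "jwks_uri": SAMPLE_URL + "/protocol/openid-connect/certs",
    "response_types_supported": ["code", "id_token", "token"],
}

if __name__ == "__main__":
    live = len(sys.argv) > 1  # pass the realm URL to check a live server
    url = sys.argv[1] if live else SAMPLE_URL
    problems = check_discovery(url, fetch_discovery(url) if live else SAMPLE_DOC)
    print("\n".join(problems) or "discovery document OK")
```

Run it with the same URL you pass as `oidc_discovery_url`; with no argument it checks the embedded sample.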