1 of 1

Keycloak Setup

Keycloak console is available at https://<host-name>/auth. The Ops team will provide the username and password secrets.

Import Realm

Open the Keycloak console
Near the top-left corner in the realm drop-down menu, select Add Realm
Select the ifix-realm.json file
After the realm gets created, select the ifix realm from the drop-down near the top-left corner

Remember to select the ifix realm from the Keycloak console before proceeding
From the Clients section of Keycloak Admin Console, create a client
Provide a unique username for the client
Go to the client's settings
Change Access Type to confidential
Turn on Service Account Enabled
In the Valid Redirect URIs field provide the root URL of the iFIX Instance (Not important for our purposes but need to set it because it is mandatory)
And Save these changes
In the Service Account Roles tab, assign the role "fiscal-event-producer"
In the Mappers tab, create a new mapper to associate the client with a tenantId
1. Select Mapper Type to be "Hardcoded claim"
2. In Token Claim Name, write "tenantId"
3. In Claim value, write the under which the client is being created. (For example, "pb")
4. Set Name same as Token Claim Name i.e. "tenantId"
5. Select Claim Json Type to be "String"

Now you can get the credentials from the Credentials tab and configure them in the client's system.

Keycloak console is available at https://<host-name>/auth. The Ops team will provide the username and password secrets.

Open the Keycloak console
Near the top-left corner in the realm drop-down menu, select Add Realm
Select the ifix-realm.json file
After the realm gets created, select the ifix realm from the drop-down near the top-left corner

Remember to select the ifix realm from the Keycloak console before proceeding
From the Clients section of Keycloak Admin Console, create a client
Provide a unique username for the client
Go to the client's settings
Change Access Type to confidential
Turn on Service Account Enabled
In the Valid Redirect URIs field provide the root URL of the iFIX Instance (Not important for our purposes but need to set it because it is mandatory)
And Save these changes
In the Service Account Roles tab, assign the role "fiscal-event-producer"
In the Mappers tab, create a new mapper to associate the client with a tenantId
1. Select Mapper Type to be "Hardcoded claim"
2. In Token Claim Name, write "tenantId"
3. In Claim value, write the under which the client is being created. (For example, "pb")
4. Set Name same as Token Claim Name i.e. "tenantId"
5. Select Claim Json Type to be "String"

Now you can get the credentials from the Credentials tab and configure them in the client's system.

All content on this page by eGov Foundation is licensed under a Creative Commons Attribution 4.0 International License.