Enabling Keycloak as an OIDC provider for Connections
Single sign-on is accomplished by setting up a trust relationship between the Connections server and Keycloak using the IBM WebSphere OpenID Connect Relying Party Trust Association Interceptor (OIDC Relying Party TAI).
For background on OIDC (OpenID Connect), you can see these topics in the IBM documentation for WebSphere Application Server:
Enabling Keycloak as an OIDC provider for Connections involves completing three major steps:
- Configuring Keycloak as an OIDC Provider for Connections
- Updating WebSphere to support Keycloak OIDC Authentication for Connections
- Configuring Connections to support Keycloak
Note: You will use values from the Keycloak configuration when configuring the WebSphere TAI and other WebSphere Global Security configurations.
- Configuring Keycloak as an OIDC Provider for Connections
Configuring Keycloak as the OIDC provider for Connections involves a set of configurations that need to be carried out.
- Updating WebSphere to support Keycloak OIDC Authentication for Connections
Single sign-on is accomplished by setting up a trust relationship between the Connections server and Keycloak using the WebSphere OpenID Connect Relying Party Trust Association Interceptor (OIDC Relying Party TAI).
- Configuring Connections to support Keycloak OIDC Authentication
Update HCL Connections configuration files to add the properties needed to support Keycloak OIDC authentication.