Keycloak support for SSO authentication

Keycloak is an open-source identity and Access Management solution designed for modern applications and services.

This section explains how to perform single sign-on for users in Keycloak with the Bold Reports® application using Open ID Connect.

How to register the Bold Reports® application in Keycloak

NOTE: This configuration has to be done on the Keycloak website.

Prerequisites

  • An admin account in Keycloak.
  • Install the Bold Reports® application.

Steps to register the Bold Reports® application

  1. Log in to the Keycloak website with an admin account.

    keycloak-admin-console

  2. Navigate to the Security admin console, then to the Clients page, and select the Create client option.

    keycloak-create-client

  3. On the Create Client page, enter the client ID and select the openid-connect as the client protocol. Then, configure the required settings as shown in the below images and save the changes:

    keycloak-create-client

    keycloak-create-client

    keycloak-login

  4. Once the client has been created, you can make updates in the settings section.

    keycloak-settings

Implicit Flow Enabled On
Valid redirect URIs URL Format: https://{domain}/signin-oidc

Example: https://example.com/signin-oidc

Note: The Redirect URI is found under the OpenID Connect settings of your Bold Reports® application, as in the following screenshot.

Note: When configuring the access type, you can set it to confidential. After successful registration with Keycloak, save these settings in the Bold Reports® settings page to enable this authentication.

Enable Keycloak authentication support in Bold Reports®

Configure the settings in Bold Reports® as shown in the following screenshots to enable the authentication using Keycloak.

keycloak-report-settings

keycloak-report-save

The fields required to be saved in Bold Reports® to enable Keycloak for authentication are explained as follows:

Enable Open ID Connect Enabled
Provider Name It represents the name of the authentication provider to be displayed on the login page.
Provider Logo It represents the logo of the authentication provider to be displayed on the login page.
Authority It must be the URL of your Keycloak instance.

URL format: https://{host}/auth/realms/{realm}

Note:The Authority URL only accepts HTTPS, and Keycloak should be configured in HTTPS.
Client ID The client ID is the one you get after registering the Bold Reports® application on the Keycloak website.

Note: Client IDs are available on the Clients page of the Keycloak website.
Client Secret The client secret is the one you get after registering the Bold Reports® application on the Keycloak website.

Note: Client secrets are available in the Credentials section of the Client Details page.
Identifier The Bold Reports® application requires an email address to login to the application.

So, please set the identifier as the email.

Note: All accounts in Keycloak should have a valid email address.
Logout Endpoint It is the endpoint on the Keycloak website that signs the user out.

Login with Keycloak

  1. Go to the login page and select the Keycloak option to log in.

    keycloak-report-login

  2. Fill in the username and password on the Keycloak login screen and sign in.

    keycloak-initial-login