Keycloak is a built-in user authentication function in Common Services. Use it to configure a link to a non-AD FS identity provider. To connect to the identity provider, you can use OIDC (OpenID Connect) or SAML (Security Assertion Markup Language) as the federation protocol.
For details on how to use Keycloak and how to configure identity providers, see the relevant documentation. Before accessing the Keycloak documentation, determine the Keycloak version by reading the following file, and then refer to the documentation for that version:
installation-directory-of-Common-Services/keycloak/version.txt
The workflow for configuring a link to an identity provider other than AD FS consists of the following steps:
- Preparing the identity provider
  Install the identity provider software so that the identity provider is ready for use.
- Enabling the function for linking with a non-AD FS identity provider
- Registering a non-AD FS identity provider
- Mapping user attributes (Optional)
- Specifying a mapping to a user group
- Configuring the authentication settings on the identity provider
  Configure the settings required for Common Services user authentication, such as registering Common Services as a relying party.
- Logging in to the Hitachi Ops Center Portal as an identity provider user
- "Keycloak" refers to the Keycloak interface incorporated in Common Services.
- Users are responsible for configuring identity providers in Keycloak. Any issues that arise between Keycloak and identity providers are outside the scope of our support.
- When you register an identity provider in Keycloak or change settings after registration, Common Services might not run properly depending on the settings. We recommend that you use the csbackup command to back up Common Services in advance. For details, see Backing up Common Services.
- If an identity provider other than AD FS is already linked with Common Services, you cannot link Common Services with AD FS.