PSKE - How to setup OIDC/2FA on PSKE
- First, book your Keycloak instance.
- Then log in to the web interface with your admin user access data.
- To do this, open https://<DNS-Name_of_your_IAM-Keycloak_Server>/ in the address bar of your browser, e.g. https://node-65e84464310368a571551616.ps-xaas.io
Step 1
Using the access data previously received in CloudHub, log in to Keycloak under “Administration Console” and click “Create realm” in the dropdown in the top left-hand corner.
Under “Realm name”, enter a name and confirm with “Create”. The active realm (top left) then switches automatically to the newly created realm.
Step 2
Go to “Clients” in the menu and click “Create client”.
- Select “OpenID Connect” and set a Client ID.
- Press “Next” and activate “Client authentication”.
- Press “Next” again and fill “Valid redirect URIs” with http://localhost:8000 and http://localhost:18000. kubelogin uses these as its callback when we log in with kubectl, so that a browser window can be opened for us to authenticate with Keycloak.
Step 3
Go to “Users” and press the “Add user” button. Fill in all fields, then press “Create”. Keep in mind that you may have to verify the email address or set it to verified in Keycloak; otherwise the authentication workflow will not work.
Select the “Credentials” tab, click “Set password” and define a password. Then confirm with “Save”.
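The settings from Steps 2 and 3 can be checked against a realm export; the following is an added example, not part of the original guide. It assumes an export JSON that includes users; the realm, client and user names are constructed placeholders, and `audit_realm` is a hypothetical helper.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the shape of a Keycloak realm export (placeholder names).
SAMPLE_EXPORT = json.loads("""
{
  "realm": "example-realm",
  "clients": [
    {"clientId": "example-kubelogin", "protocol": "openid-connect",
     "publicClient": false,
     "redirectUris": ["http://localhost:8000", "http://localhost:18000"]}
  ],
  "users": [
    {"username": "alice", "email": "alice@example.com", "emailVerified": false}
  ]
}
""")

# The two kubelogin callback URIs entered in Step 2.
EXPECTED_REDIRECTS = {"http://localhost:8000", "http://localhost:18000"}

def audit_realm(export, client_id):
    """Return a list of findings for one client and all users in a realm export."""
    clients = export.get("clients", [])
    client = next((c for c in clients if c.get("clientId") == client_id), None)
    if client is None:
        return [f"client {client_id!r} not found in realm {export.get('realm')!r}"]
    findings = []
    if client.get("protocol") != "openid-connect":
        findings.append("client protocol is not openid-connect")
    # "Client authentication" on in the console corresponds to publicClient=false.
    if client.get("publicClient", True):
        findings.append("client authentication is off (publicClient is true)")
    uris = client.get("redirectUris", [])
    for uri in uris:
        if "*" in uri:
            findings.append(f"wildcard redirect URI: {uri}")
        elif urlsplit(uri).hostname not in ("localhost", "127.0.0.1"):
            findings.append(f"non-loopback redirect URI: {uri}")
    for uri in sorted(EXPECTED_REDIRECTS - set(uris)):
        findings.append(f"kubelogin callback missing: {uri}")
    # Step 3: an unverified email can block the authentication workflow.
    for user in export.get("users", []):
        if not user.get("emailVerified", False):
            findings.append(f"user {user.get('username')!r} has an unverified email")
    return findings

if __name__ == "__main__":
    for finding in audit_realm(SAMPLE_EXPORT, "example-kubelogin"):
        print("FINDING:", finding)
```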