Keycloak authentications configurations

Keycloak Logging

  1. Navigate to the Keycloak admin console in the browser at https://keycloak.YOURDOMAIN.COM and login with the labelboxAdmin admin user and the default password labelboxAdmin.
  2. Navigate to Events on the left hand menu
    a. Select Config on the top-level navigation bar
    b. Under Login Events Settings, set Save Events to ON
    c. Click Save
  3. Exit the Keycloak admin console

Keycloak AD federations

📘

More information on Keycloak

There is a lot more information on the Internet on how to use Keycloak for your specific scenario. Here is one such site https://medium.com/@yasithkumara/active-directory-as-a-user-federation-in-keycloak-926fd7cc3256

  1. Navigate to the Keycloak admin console in the browser at https://keycloak.YOURDOMAIN.COM and login with the labelboxAdmin admin user and the default password labelboxAdmin.
  2. Make sure you are in the Labelbox realm shown on the menu in the top left.
  3. Click on the User Federation menu on the left menu bar
  4. Select the ldap provider.
  5. On the configuration menu now deselect Import Users.
  6. Change Edit Mode to READ_ONLY or to suit your organization’s needs.
  7. Select the vendor for Active Directory
  8. Add the Connection URL, Users DN, BIND DN, and Bind Credential.
  9. Change Search Scope to Subtree if needed.
  10. Press the Test connection button to validate connection setup
  11. Press the Test authentication button to validate the Bind credential.
  12. Scroll down to the Cache Settings and click to open the menu.
  13. Change the login Cache Policy to suit your organization’s needs.
  14. Finally, click Save and test an AD user login to https://app.YOURDOMAIN.COM

Keycloak configuration

  1. Login to configure Keycloak with your browser and complete the Labelbox realm setup:
    a. Keycloak UI: https://keycloak.YOURDOMAIN.COM
    b. Browse to the Keycloak UI, click on the 'Administration Console', and login with the Keycloak user credentials from previous steps.
  2. Make sure the 'Labelbox' realm is selected in the very top left menu and select the 'Users' menu.
    a. Here you can directly create users for the Labelbox application.
    b. NOTE: The first user to login to the https://app.YOURDOMAIN.COM is a Labelbox admin by default. All keycloak integrated users must have an email address, username, and password assigned.
    Temporary passwords are not currently supported by Labelbox Customer-managed infra with Keycloak users.
    c. You can configure the Keycloak UI https://keycloak.YOURDOMAIN.COM 'Labelbox' realm for Windows Server Active Directory:
    See: Keycloak AD Configuration
    d. Note: Keycloak supports LDAP or Kerberos user federation in the 'User Federation' menu, or OpenID Connect/SAMLv2/social network identity provider integration in the 'Identity Providers' menu. Please refer to keycloak and 3rd party documentation for integration configuration.

Did this page help you?