[JAVA] Let's take a look at the functions of Keycloak's management console (administrator edition)

What to do today

This is Day 9 of the Keycloak Advent Calendar. This time, let's take a look at the Keycloak management console.

The Keycloak management console consists of two parts:

- Administrator functions
- User functions (user account service)

Today, let's take a look at the former "function for administrators".

Advance preparation

Prepare the following as described in Day 2, "Keycloak Setup":

- A Keycloak environment
- A Keycloak admin user and a regular user

Management Console Overview

The management console is where Keycloak settings, users, groups and so on are managed. Go to http://localhost:8080/auth/admin/ and log in as an admin user. If you log in as a realm administrator, go to http://localhost:8080/auth/admin/<realm name>/console/ instead (for example, an administrator of the realm "demo" goes to http://localhost:8080/auth/admin/demo/console/).


The management console has a menu on the left side of the screen; the settings for the selected menu item appear on the right.


Place the cursor over the "?" mark next to an item name to see a description of that item.


If you log in as a server administrator, you can switch the target realm in the realm name part at the top left of the screen.


Now let's look at the settings in the management console.

Management console settings

Realm settings

This screen manages various settings of the realm.

General

This screen is for setting the realm name and display name.


| Item name | Description | Default value |
|---|---|---|
| Name | Realm name. Used in URLs. | |
| Display name | Realm display name. Used in the browser title. | |
| HTML display name | Realm display name in HTML. Used in the body of the login screen. | |
| Enabled | Flag that enables the realm. | on |
| Endpoints | Link that displays the OpenID Connect endpoint configuration. | OpenID Endpoint Configuration |

Login

This is the login-related setting screen.


| Item name | Description | Default value |
|---|---|---|
| User registration | Whether users are allowed to register themselves. | off |
| Edit username | Whether the username field is editable. | off |
| Forgot password | Whether to show a link on the login screen for users who have forgotten their password. | off |
| Save login status (Remember me) | Whether to show a checkbox on the login screen that keeps the user logged in. | off |
| Verify email | Whether to require email verification when a user logs in for the first time. | off |
| Login with email | Whether to allow logging in with an email address. | on |
| Require SSL | Whether SSL is required. One of: "All requests" (always required), "External requests" (required except from localhost and private IP addresses), "None" (not required). | External requests |

Email

This is the SMTP server setting screen. Keycloak sends email when a user verifies their email address, when a user resets a forgotten password, and when an administrator needs to be notified of server events.


| Item name | Description | Default value |
|---|---|---|
| Host | SMTP server host. | |
| Port | SMTP port. | |
| From Display Name | Display name of the sender. | |
| From | Email address of the sender (From). | |
| Reply To Display Name | Display name of the Reply-To address. | |
| Reply To | Reply-To email address. | |
| Envelope From | Envelope From email address. | |
| Enable SSL | Whether SSL is required. | off |
| Enable StartTLS | Whether StartTLS is required. | off |
| Enable Authentication | Whether SMTP authentication is required. | off |

Themes

Keycloak UI theme setting screen.


| Item name | Description | Default value |
|---|---|---|
| Login theme | Theme applied to the login screen. | |
| Account theme | Theme applied to the account management screen. | |
| Admin console theme | Theme applied to the management console. | |
| Email theme | Theme applied to emails. | |
| Internationalization enabled | Whether to enable internationalization. | off |

Clients

This is the screen for managing clients. A client is an application that takes part in SSO; an OpenID Connect (OIDC) Relying Party (RP) or a SAML Service Provider (SP), for example, is a client. You can create, change and delete clients, export their settings, and so on.


Click the "Create" button at the top right of the screen to display the client registration screen. The client protocol can be "OpenID Connect" or "SAML". Enter the required information and click the "Save" button to move to the details screen.

**When "OpenID Connect" is selected as the client protocol**


**When "SAML" is selected as the client protocol**


Please refer to Keycloak documentation for a description of each item.

Note: the client settings also contain a "Roles" section, but these are "client roles" and are distinct from the realm roles described later. A realm role has a single namespace across the whole realm, whereas each client's roles live in that client's own namespace.
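To make the namespace difference concrete, here is an added example (not code from the original post) that reads the roles of a Keycloak access token: realm roles arrive in the `realm_access` claim and client roles in `resource_access` keyed by client ID. The token payload is constructed for the example; the helper names are my own.

```python
from typing import Dict, Set

# Constructed access-token payload in Keycloak's claim layout: realm roles
# under "realm_access", client roles under "resource_access" keyed by client ID.
SAMPLE_TOKEN = {
    "preferred_username": "alice",
    "realm_access": {"roles": ["user"]},
    "resource_access": {
        "billing-app": {"roles": ["admin"]},
        "report-app": {"roles": ["viewer"]},
    },
}


def roles_by_namespace(payload: Dict) -> Dict[str, Set[str]]:
    """Map each namespace ("realm" or a client ID) to the roles it grants."""
    namespaces = {"realm": set(payload.get("realm_access", {}).get("roles", []))}
    for client_id, access in payload.get("resource_access", {}).items():
        namespaces[client_id] = set(access.get("roles", []))
    return namespaces


def has_realm_role(payload: Dict, role: str) -> bool:
    """True if the role is granted at realm level (the global namespace)."""
    return role in roles_by_namespace(payload)["realm"]


def has_client_role(payload: Dict, client_id: str, role: str) -> bool:
    """True only if the role is granted in that client's own namespace;
    a realm role or another client's role with the same name does not count."""
    return role in roles_by_namespace(payload).get(client_id, set())


def flattened_has_role(payload: Dict, role: str) -> bool:
    """The mistake to avoid: merging every namespace into one set, so that
    billing-app's "admin" would satisfy a check meant for report-app."""
    return any(role in roles for roles in roles_by_namespace(payload).values())
```

An application should check its own client ID with `has_client_role`; the flattened check is shown only to illustrate the confusion the note above warns about.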

Roles

This is the screen for managing roles. You can create / change / delete roles for realms and set default roles.


Identity provider

This is the ID provider setting screen. You can enable authentication using an external identity provider or social network.

Details will be written by @tamura__246 on the 15th day!


User federation

This is the screen for linking users to an external user database. You can authenticate against LDAP or Active Directory, or synchronize user IDs from them.

Details will be written by @yagiaoskywalker on the 14th day!


Authentication

This screen manages settings related to authentication. You can set the authentication flow, password policy, etc.

An authentication flow defines the authenticators, screens and actions that run in the various Keycloak processes. For example, a browser flow might say "if there is a valid cookie, authentication succeeds; if not, authenticate with user ID and password", and a reset-credentials flow might say "first show the user ID input screen, then send a password reset mail if the user ID is correct". You can define a flow to match each process.

Details will be written by @naokiiiii on the 12th day!


Groups

This is the screen for managing groups. You can create / change / delete groups and set roles for groups.


Users

This is the screen for managing users. You can add, change and delete users, map roles, join and leave groups, and so on.


Sessions

This is the screen for managing sessions. You can see the currently active sessions in the realm.


Events

This is the event management screen. You can configure which events are saved and view the saved events.


Import

This is the screen for importing realm settings. Clients, groups and roles can be imported from a JSON file.


When you select a file, a screen for specifying the import behavior is displayed. You can select the data to import and specify the behavior when the data to be imported already exists.


Export

This screen exports the realm settings. Realm settings, clients, groups, roles and so on are exported; user data is not. The output is a JSON file.
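The exported JSON is a convenient place to review the General, Login and Email settings described above without clicking through the console. The following is an added example, not part of the original post: it reads an export and flags settings that weaken the realm. The sample export is constructed; the keys are the RealmRepresentation attribute names Keycloak uses in exports (`sslRequired`, `registrationAllowed`, `verifyEmail`, `smtpServer` and so on), and the `audit_realm` function is my own.

```python
import json
from typing import List

# Constructed sample in the shape of a realm export (what the Export screen
# writes); the keys are Keycloak RealmRepresentation attribute names.
SAMPLE_EXPORT = json.dumps({
    "realm": "demo",
    "enabled": True,
    "sslRequired": "none",
    "registrationAllowed": True,
    "editUsernameAllowed": False,
    "resetPasswordAllowed": True,
    "rememberMe": True,
    "verifyEmail": False,
    "loginWithEmailAllowed": True,
    "smtpServer": {"host": "mail.example.test", "port": "25",
                   "from": "keycloak@example.test",
                   "ssl": "false", "starttls": "false", "auth": "false"},
})


def audit_realm(export_json: str) -> List[str]:
    """Return one finding per setting that weakens the realm.

    The checks follow the items on the General, Login and Email screens.
    """
    realm = json.loads(export_json)
    findings = []
    ssl = realm.get("sslRequired", "external")
    if ssl == "none":
        findings.append("sslRequired=none: logins and tokens may be sent in clear text")
    elif ssl == "external":
        findings.append("sslRequired=external: localhost and private-IP requests are not forced to TLS")
    if realm.get("registrationAllowed"):
        findings.append("registrationAllowed=true: anyone can self-register an account")
        if not realm.get("verifyEmail"):
            findings.append("verifyEmail=false: self-registered addresses are never verified")
    if realm.get("editUsernameAllowed"):
        findings.append("editUsernameAllowed=true: users can rename themselves, muddying audit trails")
    smtp = realm.get("smtpServer") or {}
    if smtp:  # the SMTP map stores its flags as the strings "true"/"false"
        if smtp.get("ssl") != "true" and smtp.get("starttls") != "true":
            findings.append("smtpServer: neither SSL nor StartTLS enabled, mail goes out in clear text")
        if smtp.get("auth") != "true":
            findings.append("smtpServer: authentication disabled, Keycloak submits mail anonymously")
    return findings
```

Run `audit_realm` over a real export to get a quick checklist before promoting a realm configuration; an empty list means the checked items are at their stricter values.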


Summary

I took a rough look at the "Management Console". I think it is relatively easy to use, because the displayed content is in Japanese and the help shown for each item is thorough.

For more information, please refer to the help display of the items displayed on the screen and the Keycloak documentation.
