On-premises installation
Authentication with Keycloak
Here are some basic instructions for integration with Keycloak. In this example, the Structurizr on-premises installation was running at http://localhost:7080.
1. Download IdP metadata
Find the realm that you would like to authenticate against, and download the SAML metadata by clicking the "SAML 2.0 Identity Provider Metadata" link, saving this as saml-idp-metadata.xml in your Structurizr data directory.
2. Register the Structurizr on-premises installation
Create a Keycloak "client" to represent the Structurizr on-premises installation.
The "client ID" you use here should be set as the structurizr.saml.entityId property in your structurizr.properties file.
After creation, you will need to change the following settings:
- Client Signature Required: Off (otherwise you'll see an "Invalid requester" message)
- Valid Redirect URIs: http://localhost:7080/saml/* (otherwise you'll see an "Invalid redirect URI" message)
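A pre-flight check for steps 1 and 2, as an added example that is not part of the Structurizr documentation: it parses the downloaded IdP metadata and the properties file and reports a missing signing certificate, a non-HTTPS single sign-on endpoint, or an unset structurizr.saml.entityId. The sample metadata, the client ID value and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD}
# Constructed stand-in for saml-idp-metadata.xml (not real Keycloak output).
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}"
    entityID="https://idp.example.test/realms/demo">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://idp.example.test/realms/demo/protocol/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
# Constructed stand-in for structurizr.properties; the client ID is made up.
SAMPLE_PROPERTIES = "structurizr.saml.entityId=structurizr-onprem\n"

def read_properties(text):  # simple key=value lines; skips blanks and comments
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def preflight(metadata_xml, properties_text):
    """Return a list of findings; an empty list means the checks passed."""
    # stdlib parser: acceptable for a file from your own IdP, not for untrusted XML.
    root = ET.fromstring(metadata_xml)
    desc = next(root.iter(f"{{{MD}}}IDPSSODescriptor"), None)  # any nesting level
    if desc is None:
        return ["no IDPSSODescriptor: this is not IdP metadata"]
    findings = []
    certs = [c for k in desc.findall("md:KeyDescriptor", NS)
             if k.get("use", "signing") == "signing"  # no 'use' means any use
             for c in k.iter(f"{{{DS}}}X509Certificate") if (c.text or "").strip()]
    if not certs:
        findings.append("no IdP signing certificate in metadata")
    sso = desc.findall("md:SingleSignOnService", NS)
    if not sso:
        findings.append("no SingleSignOnService endpoint")
    for loc in (e.get("Location", "") for e in sso):
        if not loc.startswith("https://"):
            findings.append("SSO endpoint not HTTPS: " + loc)
    if not read_properties(properties_text).get("structurizr.saml.entityId"):
        findings.append("structurizr.saml.entityId is not set")
    return findings
```

Against a real installation, pass the contents of your saml-idp-metadata.xml and structurizr.properties files to preflight(); with the constructed samples the only finding is the non-HTTPS single sign-on endpoint.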
3. Add user property mappers
At this point, the integration should be functional, although you won't see the username and groups/roles associated with the user. To do that, you need to add a couple of mappings for the client.