# KeyCloak

### KeyCloak as Identity Provider

To use KeyCloak as an Auth Provider, you must install and maintain your own KeyCloak installation. A Docker installation is quick to set up.

<https://www.keycloak.org/getting-started/getting-started-docker>

In KeyCloak, you first have to set up a "Realm". This is a tenant within KeyCloak. Select (or create) your Realm using the menu in the top left corner.

In your Realm, you can then create and configure a Client. We show here the minimal configuration needed to enable Sign in and Sign up with KeyCloak for OpenFlower.

### Setup a KeyCloak Client

Choose a name and id for your Client.

<figure><img src="/files/Z89De2Pji9jnqE5GbsA2" alt=""><figcaption></figcaption></figure>

Make sure "Standard Flow" is activated, as well as "Client authentication" and "Authorization". KeyCloak issues the required Client-Secret only when these options are checked.

<figure><img src="/files/F8xh8cFGTJ8vso6EJWu5" alt=""><figcaption></figcaption></figure>

Configure the OpenFlower redirect URLs.

{% hint style="info" %}
For the cloud, the "Valid redirect URI" is <https://prod-us1.openflower.org>
{% endhint %}

<figure><img src="/files/qawF9F8UOKecmXOkRjzp" alt=""><figcaption></figcaption></figure>

After the setup, you can look up the generated Client-Secret.

<figure><img src="/files/idDVYp4hAhLodPqIUj12" alt=""><figcaption><p>Copy the Client Secret for the setup of KeyCloak as Auth Provider in OpenFlower</p></figcaption></figure>

Check the Settings to make sure the right capabilities are activated...

<figure><img src="/files/Wrf4bGprvDiDgP989aqS" alt=""><figcaption></figcaption></figure>
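The client settings described above can also be checked against the client's exported JSON. The following is an added example, not part of the OpenFlower documentation; it assumes the field names of KeyCloak's client export, and the sample export and its `clientId` are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of a KeyCloak client export; clientId is a hypothetical value.
SAMPLE_EXPORT = """
{
  "clientId": "openflower",
  "standardFlowEnabled": true,
  "publicClient": false,
  "authorizationServicesEnabled": true,
  "redirectUris": ["https://prod-us1.openflower.org"],
  "defaultClientScopes": ["profile", "email"],
  "optionalClientScopes": ["offline_access"]
}
"""

def check_client(export_json):
    """Return a list of findings; an empty list means the client matches the guide."""
    c = json.loads(export_json)
    findings = []
    if not c.get("standardFlowEnabled", False):
        findings.append("Standard Flow is off")
    # "Client authentication: On" is stored as publicClient=false.
    if c.get("publicClient", True):
        findings.append("Client authentication is off (public client, no secret)")
    if not c.get("authorizationServicesEnabled", False):
        findings.append("Authorization is off")
    # Assumption: OpenFlower requests offline_access, so the client must be
    # allowed to receive it as a default or optional client scope.
    scopes = set(c.get("defaultClientScopes", [])) | set(c.get("optionalClientScopes", []))
    if "offline_access" not in scopes:
        findings.append("offline_access scope is not assigned to the client")
    uris = c.get("redirectUris", [])
    if not uris:
        findings.append("no redirect URI configured")
    for uri in uris:
        parts = urlsplit(uri)
        if parts.scheme != "https":
            findings.append(f"redirect URI is not https: {uri}")
        # A wildcard host (or a bare "*") lets codes be sent to arbitrary sites.
        if "*" in parts.netloc or uri.strip() == "*":
            findings.append(f"redirect URI has a wildcard host: {uri}")
    return findings

if __name__ == "__main__":
    for line in check_client(SAMPLE_EXPORT) or ["client matches the guide"]:
        print(line)
```
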

### KeyCloak as OpenFlower Auth Provider

In OpenFlower, go to Settings > OAuth Provider and select "KeyCloak" in the "Add OAuth Provider" dialog.

<figure><img src="/files/3aBhK4c6pHrhBHKix5Bz" alt=""><figcaption></figcaption></figure>

Now you can enter all settings for KeyCloak.

{% hint style="info" %}
Instance ID is the Base URL of your KeyCloak Installation
{% endhint %}

<figure><img src="/files/tz3gn3soPA0WwKs3tMOP" alt=""><figcaption></figcaption></figure>

You can also change settings later.

<figure><img src="/files/DVL4xdCQGaumYqkgJ419" alt=""><figcaption></figcaption></figure>

{% hint style="warning" %}
The minimal scope to set up is "offline\_access openid".
{% endhint %}

That's it! Now you can offer your users Sign in and Sign up with KeyCloak.

<figure><img src="/files/nBlXdvTZZzK4ATY9RGWu" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/zvVxVe65sIrErgpxorUH" alt=""><figcaption></figcaption></figure>

