Red Hat SummitEste conteúdo não está disponível no idioma selecionado.
Chapter 2. Red Hat single sign-on and Red Hat build of Keycloak for the 3scale API Management Admin Portal
This guide provides information about how to configure and use Red Hat single sign-on and Red Hat build of Keycloak with the 3scale API Management Admin Portal.
2.1. Enable Red Hat single sign-on, Red Hat build of Keycloak or Auth0 member authentication
3scale supports single sign-on (SS0) authentication for your members and administrators.
The 3scale Admin Portal supports the following SSO providers, each which support a number of identity brokering and member federation options:
You can enable multiple SSO member authentication types.
Only users that have been added to Red Hat single sign-on, Red Hat build of Keycloak or Auth0 will be able to access your 3scale Admin Portal through SSO. If you want to further restrict the access by either roles or user groups you should refer to the corresponding step by step tutorials on the Red Hat single sign-on, Red Hat build of Keycloak or Auth0 support portals.
Once you have established SSO through your chosen provider, you must configure it and enable it on the 3scale Admin Portal.
2.1.1. Single sign-on prerequisites
- A single sign-on instance and realm configured as described under the Developer Portal authentication section of the documentation.
2.1.2. Auth0 prerequisites
- An Auth0 Subscription and account.
2.1.3. Enable Red Hat single sign-on
As an administrator, perform the following steps in the 3scale Admin Portal to enable Red Hat single sign-on, Red Hat build of Keycloak or Auth0:
- Ensure your preferred SSO provider, highlighted in the prerequisites, is properly configured.
Navigate to SSO Integrations in the Account Settings:
- Click the gear icon in the upper right corner of the page
- Navigate to Account Settings (gear icon) > Users > SSO Integrations, and click Create a new SSO integration.
- Select your SSO provider from the dropdown list.
Enter the required information, provided when you configured your SSO:
- Client
- Client Secret
- Realm or Site
- Click Create Authentication Provider
If, during testing, you encounter a callback URL mismatch, add the callback URL shown in the error message to your Auth0 allowed callback URLs.
2.2. Using Red Hat single sign-on and Red Hat build of Keycloak with 3scale API Management
Once you have configured SSO, members can sign on using the account credentials in connected Identity Providers (IdPs).
Follow these steps to log in to the 3scale API Management Admin Portal using SSO:
Navigate to your 3scale login page:
https://<organization>-admin.3scale.net/p/login
https://<organization>-admin.3scale.net/p/loginCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Authorize 3scale with your IdP
- If necessary, complete sign up by entering any needed information
Once you successfully sign up, you will have a member account under the application programming interface (API) provider organization, and you will be automatically logged in.
2.3. Redirecting a 3scale login to a Red Hat single sign-on or Red Hat build of Keycloak option
This section describes the redirection to an IdP login window via Red Hat single sign-on. As a 3scale API Management administrator, complete these steps to have your 3scale account accessible through an optional SSO login page.
2.3.1. Prerequisites
- 3scale 2.15
- A Red Hat single sign-on or Red Hat build of Keycloak instance and realm configured as described under the Configuring Red Hat single sign-on section of the Developer Portal documentation.
Before you can integrate Red Hat single sign-on and Red Hat build of Keycloak with 3scale, you must have a working Red Hat single sign-on or Red Hat build of Keycloak instance. Refer to the Red Hat single sign-on documentation for installation instructions: Installing Red Hat single sign-on 7.6 or Red Hat build of Keycloak 24.0 Server guide.
2.3.2. Required steps
- Access and follow the instructions for setting up Red Hat single sign-on under the Red Hat single sign-on and Red Hat build of Keycloak for the 3scale Admin Portal section of the 3scale documentation.
Provide your Red Hat single sign-on or Red Hat build of Keycloak administrator with your 3scale URL that will form the basis for a redirect within single sign-on for your secure logon. Use the following URL format:
https://<organization>-admin.3scale.net/auth/<system_name>/bounce
https://<organization>-admin.3scale.net/auth/<system_name>/bounceCopy to Clipboard Copied! Toggle word wrap Toggle overflow <system_name>can be fetched via the SSO Integration detail page of the Admin Portal:https://<organization>.3scale.net/p/admin/account/authentication_providers/<ID>
https://<organization>.3scale.net/p/admin/account/authentication_providers/<ID>Copy to Clipboard Copied! Toggle word wrap Toggle overflow keycloak_0123456aaaaacan also be found via the SSO Integration detail page in theCallback URL for OAuth flow testfield, which looks like the following:https://<organization>.3scale.net/auth/keycloak_0123456aaaaa/callback
https://<organization>.3scale.net/auth/keycloak_0123456aaaaa/callbackCopy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}