Login into the Dashboard using Keycloak - Guide
Last updated: 2 minutes read.
This is a walk-through of how you can use Keycloak and our (internal/embedded) Tyk Identity Broker (TIB) to log in to your Dashboard. This guide assumes you have existing Keycloak and Tyk Pro Environments.
KeyCloak’s Side
-
In your desired Realm, create a client of OpenID Connect type, and set your desired Client ID.
-
Enable client authentication, then save the client.
-
Retrieve the Secret (from the credentials tab) of the Client you just created. You will need the Client ID and Secret in later steps.
-
Retrieve the discovery endpoint of the realm,
https://<your-keycloak-host-and-realm>/.well-known/openid-configuration
.This is accessible from “Realm Settings” > “General” Tab > OpenID Endpoint Configuration. You will need it in later steps.
Dashboard’s Side… (and a bit of Keycloak)
-
Log in to your Dashboard and select Identity Management, located under System Management
-
Create a profile, give it a name and select “Login to Tyk Dashboard”
-
Set the provider type as “OpenID Connect”
-
Fill in the Client ID, Client Secret and Discovery URL/endpoint from Keycloak (from steps 3 and 4 in Keycloak’s Side)
-
Copy the callback URL from Tyk and then you can click “Create Profile” to save the profile.
-
Go to Keycloak, and paste the callback URL you just copied to “Valid redirect URIs” in the Keycloak Client, and then save the client.
This can be accessed by selecting the “Settings” tab when viewing a Keycloak client.
Test your Keycloak Login
-
From your Identity Management Profiles click the profile you created to open it.
-
Copy the Login URL and paste it into a browser tab
-
You will now see the Keycloak login form.
-
Enter the email address and password of your Keycloak user.
-
You should now be redirected to the Tyk Dashboard and logged in