Access the Keycloak admin console

Manage organization, identity, and projects from Keycloak

About Keycloak

Unity Virtual Private Cloud includes an identity provider and broker component based on Keycloak. Keycloak includes these major capabilities:
  • Authentication and authorization
  • Storage of information about entities that is required for access control, for example, for users, service accounts, the organization, and projects
Keycloak is included in the above deployment, but you must perform customer-specific postdeployment tasks and administration tasks.

Access Keycloak

From Amazon Web Services (AWS)

To access the Keycloak admin console from a browser, enter a URL in this format:
https://<domain_name>/admin/master/console/
The default user is admin. To retrieve the password, run this command:
kubectl get -n asset-solutions secret keycloak -o jsonpath="{.data.admin-password}" | base64 --decode

From Microsoft Azure

In Keycloak, the predefined unity realm stores all the settings and objects that are related to Virtual Private Cloud. When you open the Keycloak admin console, switch to the unity realm.

Prerequisites for the first access

This step is required only the first time you access the Keycloak admin console. Initialize the AKS cluster credentials on the administrator's machine. Refer to the procedure in the Azure documentation. These credentials are required later. You must have the Azure Kubernetes Service RBAC Cluster Admin role for the cluster. This role must be directly assigned to you or inherited from a parent resource, such as the resource group.

Access the admin console

To access the Keycloak admin console from a browser, use Kubernetes port forwarding:
  1. To establish a port forwarding session to Keycloak, run this command:
    kubectl port-forward -n asset-solutions service/keycloak 8080:80
  2. In the browser, enter this URL:
    http://127.0.0.1:8080/auth/admin

Manage the admin password

The initial administrator username is admin. Azure generates the password during deployment. Retrieve the password from the solution key vault. The key vault is in the solution managed resource group, and the secret name is kc-admin-password.
To access secrets in the key vault, an administrator might need to perform these tasks:
  • Grant the Key Vault Administrator role to themselves, because the Owner role doesn't provide access to the Key Vault data plane
  • Temporarily allow access to the key vault over the internet. By default, public access to this key vault is unavailable. The recommended practice is to restrict this access to the IPs of specific administrators in the key vault firewall settings and, if possible, to make that restriction permanent.
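The retrieval described above can be scripted so that the firewall exception covers one administrator IP and is withdrawn even when the read fails. This is an added example, not code from the product documentation; the vault name and IP are operator-supplied arguments, and it assumes a logged-in Azure CLI, the Key Vault Administrator role already granted, and a hypothetical KV_RETRY_DELAY variable for the retry interval.

```bash
#!/usr/bin/env bash
# Added example, not vendor code. Assumes: az CLI logged in, caller holds
# Key Vault Administrator on the vault, vault name and admin IP are passed in.
# Exit status: 0 ok, 1 read failed, 2 cleanup failed (check the vault firewall).

fetch_kc_admin_password() {
  local vault="$1" rule="$2/32" rc=0 tries=0 prev

  # Remember whether public access was off, so it can be put back afterwards.
  prev=$(az keyvault show --name "$vault" \
           --query properties.publicNetworkAccess -o tsv) || return 1
  if [ "$prev" = "Disabled" ]; then
    # Open the public endpoint but deny everything not explicitly listed.
    az keyvault update --name "$vault" --public-network-access Enabled \
       --default-action Deny >/dev/null || return 1
  fi

  if az keyvault network-rule add --name "$vault" --ip-address "$rule" >/dev/null; then
    # Retry (assumption): a new firewall rule may not be effective immediately.
    until az keyvault secret show --vault-name "$vault" \
            --name kc-admin-password --query value -o tsv; do
      tries=$((tries + 1))
      if [ "$tries" -ge 5 ]; then rc=1; break; fi
      sleep "${KV_RETRY_DELAY:-10}"
    done
    az keyvault network-rule remove --name "$vault" --ip-address "$rule" \
       >/dev/null || rc=2
  else
    rc=1
  fi

  # Close the public endpoint again, whatever happened above.
  if [ "$prev" = "Disabled" ]; then
    az keyvault update --name "$vault" --public-network-access Disabled \
       >/dev/null || rc=2
  fi
  return "$rc"
}

# Usage: ./get-kc-admin-password.sh <vault-name> <admin-public-ip>
if [ "$#" -eq 2 ]; then fetch_kc_admin_password "$1" "$2"; fi
```

An exit status of 2 means the secret may have been read but the vault's network settings were not restored, so review the key vault firewall manually.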
Optionally, in the master realm, perform these actions:
  1. Change the password for the admin user.
    The recommended practice is to keep the password up-to-date in the key vault.
  2. Add administrative users.
To perform other changes that are related to Virtual Private Cloud settings, go to the unity realm.