Keycloak is an open source tool for user authentication and authorization. It can act as a Single Sign-On (SSO) solution and also provides user federation from other identity providers.
Annotto is protected by OAuth using Keycloak. When you start Annotto in production mode with Docker, or in development mode with docker-compose (see `docker-compose.yml`), some users are created automatically, thanks to the import files that Keycloak loads directly at startup. Once the service is started, you can manage your Keycloak instance at will.
To reach the Keycloak Admin Console, go to http://localhost:8080 and log in with the following credentials:

| user | pwd |
|---|---|
| admin | admin |
If you want to use Annotto with an SSO provider such as Microsoft, you can configure Keycloak to use that Identity Provider. Keycloak's documentation on this can be found here.
Once your Microsoft Identity Provider is set up, you also need to define how claims and roles coming from Microsoft are mapped to Annotto. You can do so with a Mapper.

Here is an example of how to assign the Annotto `user` role to an incoming Microsoft user. In this example, the `user` role is set at first login through Microsoft SSO: the user is created in Keycloak from the Microsoft profile, and the `user` role is added to this new user.
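As an added example (not one of Annotto's own configuration files), the same mapper expressed as a Keycloak realm import file, which is the form Keycloak loads at startup. The realm name `annotto`, the identity provider alias `microsoft`, the mapper name and the placeholder client id and secret are assumptions; `microsoft` is Keycloak's built-in Microsoft social provider id, `oidc-hardcoded-role-idp-mapper` is Keycloak's built-in Hardcoded Role mapper, and `syncMode` set to `IMPORT` applies the mapper only when the user is first imported.

```json
{
  "realm": "annotto",
  "roles": {
    "realm": [
      { "name": "user", "description": "Annotto user role (assumed realm role name)" }
    ]
  },
  "identityProviders": [
    {
      "alias": "microsoft",
      "providerId": "microsoft",
      "enabled": true,
      "config": {
        "clientId": "<MICROSOFT_APP_CLIENT_ID_PLACEHOLDER>",
        "clientSecret": "<MICROSOFT_APP_CLIENT_SECRET_PLACEHOLDER>"
      }
    }
  ],
  "identityProviderMappers": [
    {
      "name": "annotto-user-role-on-first-login",
      "identityProviderAlias": "microsoft",
      "identityProviderMapper": "oidc-hardcoded-role-idp-mapper",
      "config": {
        "syncMode": "IMPORT",
        "role": "user"
      }
    }
  ]
}
```

The way this file is passed to Keycloak depends on the Keycloak version you run, so place it wherever your existing import files live. Two points worth checking after the first Microsoft login: the new user should show `user` under Role mapping in the Admin Console, and because `syncMode` is `IMPORT` the role is granted exactly once, so editing or deleting the mapper later does not change users that already exist; revoke or change their roles in Keycloak directly, or use `FORCE` if you want the mapper re-applied on every login.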