Following the OAuth 2.0 standard, ModelOp Center requires the following Keycloak configurations for a successful integration:

  1. LDAP Provider

  2. (Custom) Optional Client Scope

    1. modelop_client

  3. Groups LDAP Mapper

  4. Clients

    1. gateway-service

    2. internal-client

    3. go-cli

    4. external-integration-client

| Proposed Client ID | Access Type | Grant Type | Valid Redirect URIs | Default Client Scopes | Optional Client Scopes |
|---|---|---|---|---|---|
| gateway-service (C2B) | Confidential | Authorization Code Flow (Standard Flow Enabled: ON) | <ModelOp Center URL>; <ModelOp Center URL>/login/oauth2/code/gateway-service | email; openid; profile | |
| internal-client (B2B) | Confidential | Client Credentials Grant (Service Accounts Enabled: ON) | | | modelop_client |
| go-cli (C2B) | Confidential | Resource Owner Password Credentials Grant (Direct Access Grants Enabled: ON) | | openid; profile; email | |
| external-integration-client (C2B) | Public | Implicit Flow (Implicit Flow Enabled: ON); Authorization Code Flow (Standard Flow Enabled: ON) | <ModelOp Center URL>/modelOpWDC.html; <ModelOp Center URL>/jupyterOauth2ImplicitGrant.html; https://oauth.powerbi.com/views/oauthredirect.html | openid; profile; email | |

NOTE: Once the internal-client is created, assign the modelop_client scope to it as an optional client scope by following these steps:

  1. Open the “Clients” tab

  2. Open “internal-client”

  3. Open the “Client Scopes” tab

  4. In the “Optional Client Scopes” box, select “modelop_client” and click “Add selected”
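One way to check exported client definitions against the client table and the optional-scope note above, added here as an example and not part of ModelOp's own documentation. It assumes the field names of Keycloak's ClientRepresentation JSON, a constructed base URL standing in for <ModelOp Center URL>, and that any flow the table does not list for a client is meant to be off.

```python
# Added example: audit Keycloak client JSON against the documented client table.
BASE = "https://moc.example.com"  # constructed stand-in for <ModelOp Center URL>
FLOWS = ("standardFlowEnabled", "implicitFlowEnabled",
         "directAccessGrantsEnabled", "serviceAccountsEnabled")
OIDC = {"openid", "profile", "email"}

# clientId -> (public?, flows ON, redirect URIs, default scopes, optional scopes).
# Assumption: a flow the table does not list for a client is meant to be OFF.
EXPECTED = {
    "gateway-service": (False, {"standardFlowEnabled"},
        {BASE, BASE + "/login/oauth2/code/gateway-service"}, OIDC, set()),
    "internal-client": (False, {"serviceAccountsEnabled"},
        set(), set(), {"modelop_client"}),
    "go-cli": (False, {"directAccessGrantsEnabled"}, set(), OIDC, set()),
    "external-integration-client": (
        True, {"implicitFlowEnabled", "standardFlowEnabled"},
        {BASE + "/modelOpWDC.html", BASE + "/jupyterOauth2ImplicitGrant.html",
         "https://oauth.powerbi.com/views/oauthredirect.html"}, OIDC, set()),
}

def audit_client(client):
    """Return drift findings for one exported ClientRepresentation dict."""
    cid = client.get("clientId")
    if cid not in EXPECTED:
        return [f"{cid}: not a documented client"]
    public, flows, redirects, default, optional = EXPECTED[cid]
    out = []
    if bool(client.get("publicClient")) != public:
        out.append(f"{cid}: access type differs from table")
    enabled = {f for f in FLOWS if client.get(f)}
    out += [f"{cid}: {f} is ON but not documented" for f in sorted(enabled - flows)]
    out += [f"{cid}: {f} should be ON" for f in sorted(flows - enabled)]
    uris = set(client.get("redirectUris") or [])
    out += [f"{cid}: unexpected redirect URI {u}" for u in sorted(uris - redirects)]
    out += [f"{cid}: missing redirect URI {u}" for u in sorted(redirects - uris)]
    for want, field in ((default, "defaultClientScopes"),
                        (optional, "optionalClientScopes")):
        have = set(client.get(field) or [])  # extra built-in scopes are ignored
        out += [f"{cid}: {s} missing from {field}" for s in sorted(want - have)]
    return out

# Constructed sample: internal-client before the optional scope was assigned,
# with Direct Access Grants left on.
SAMPLE = {"clientId": "internal-client", "publicClient": False,
          "serviceAccountsEnabled": True, "directAccessGrantsEnabled": True,
          "defaultClientScopes": ["roles"], "optionalClientScopes": []}

if __name__ == "__main__":
    for finding in audit_client(SAMPLE):
        print(finding)
```

Only missing scopes are reported, because Keycloak attaches additional built-in scopes to new clients by default.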

Required User Attributes

  • Family name

  • Given name

  • User name

  • Email

  • Group(s)

...

For instructions on how to create the custom modelop_client scope and groups LDAP mapper, please follow the Keycloak: How-to guide.