Keycloak

Following the OAuth 2.0 standard, ModelOp Center requires the following Keycloak configurations for a successful integration:

  1. LDAP Provider

  2. (Custom) Optional Client Scope

    1. modelop_client

  3. LDAP Mapper

  4. Clients

    1. gateway-service

    2. internal-client

    3. go-cli

    4. external-integration-client

| Proposed Client ID | Access Type | Grant Type | Valid Redirect URIs | Default Client Scopes | Optional Client Scopes |
|---|---|---|---|---|---|
| gateway-service (C2B) | Confidential | Authorization Code Flow (Standard Flow Enabled: ON) | <ModelOp Center URL>; <ModelOp Center URL>/login/oauth2/code/gateway-service | email, openid, profile | |
| internal-client (B2B) | Confidential | Client Credentials Grant (Service Accounts Enabled: ON) | | | modelop_client |
| go-cli (C2B) | Confidential | Resource Owner Password Credentials Grant (Direct Access Grants Enabled: ON) | | openid, profile, email | |
| external-integration-client (C2B) | Public | Implicit Flow (Implicit Flow Enabled: ON); Authorization Code Flow (Standard Flow Enabled: ON) | <ModelOp Center URL>/modelOpWDC.html; <ModelOp Center URL>/jupyterOauth2ImplicitGrant.html; https://oauth.powerbi.com/views/oauthredirect.html | openid, profile, email | |

NOTE: Once the internal-client is created, please assign the modelop_client scope as an optional client scope by following these steps:

  1. Open “Clients” tab

  2. Open “internal-client”

  3. Open “Client Scopes” tab

  4. For the “Optional Client Scopes” box, select “modelop_client” and click on “Add selected”
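To confirm that a realm matches the client table and the NOTE above, the following added example (not ModelOp or Keycloak code) audits a parsed Keycloak realm export against those settings. It assumes the export uses the standard ClientRepresentation field names and compares scope names literally as the table lists them; the base URL and the sample export are constructed placeholders.

```python
# Expected settings transcribed from the client table on this page, keyed to
# Keycloak ClientRepresentation fields. "{base}" stands for <ModelOp Center URL>.
FLOWS = ("standardFlowEnabled", "implicitFlowEnabled",
         "directAccessGrantsEnabled", "serviceAccountsEnabled")
OIDC = {"openid", "profile", "email"}
EXPECTED = {
    "gateway-service": dict(public=False, flows={"standardFlowEnabled"},
        uris={"{base}", "{base}/login/oauth2/code/gateway-service"},
        default=OIDC, optional=set()),
    "internal-client": dict(public=False, flows={"serviceAccountsEnabled"},
        uris=set(), default=set(), optional={"modelop_client"}),
    "go-cli": dict(public=False, flows={"directAccessGrantsEnabled"},
        uris=set(), default=OIDC, optional=set()),
    "external-integration-client": dict(public=True,
        flows={"implicitFlowEnabled", "standardFlowEnabled"},
        uris={"{base}/modelOpWDC.html", "{base}/jupyterOauth2ImplicitGrant.html",
              "https://oauth.powerbi.com/views/oauthredirect.html"},
        default=OIDC, optional=set()),
}

def audit(realm, base):
    """Compare a parsed realm export (dict) with EXPECTED; return findings."""
    findings = []
    clients = {c.get("clientId"): c for c in realm.get("clients", [])}
    for cid, want in EXPECTED.items():
        got = clients.get(cid)
        if got is None:
            findings.append(f"{cid}: client not found")
            continue
        if bool(got.get("publicClient")) != want["public"]:
            findings.append(f"{cid}: access type differs from the table")
        enabled = {f for f in FLOWS if got.get(f)}
        for f in sorted(enabled ^ want["flows"]):  # flows ON or OFF unexpectedly
            findings.append(f"{cid}: {f} is {'ON' if f in enabled else 'OFF'}")
        uris = {u.replace("{base}", base.rstrip("/")) for u in want["uris"]}
        for u in sorted(set(got.get("redirectUris", [])) ^ uris):
            findings.append(f"{cid}: redirect URI differs from the table: {u}")
        for key, field in (("default", "defaultClientScopes"),
                           ("optional", "optionalClientScopes")):
            for s in sorted(want[key] - set(got.get(field, []))):
                findings.append(f"{cid}: scope {s} missing from {field}")
    return findings

# Constructed sample: internal-client with an extra flow and no optional scope.
SAMPLE = {"clients": [{"clientId": "internal-client", "publicClient": False,
                       "serviceAccountsEnabled": True, "standardFlowEnabled": True,
                       "optionalClientScopes": []}]}
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, "https://modelop.example.com")))
```

Flow flags and redirect URIs are compared exactly, so any flow or URI beyond the table is reported; scopes are only checked for presence, because Keycloak may attach additional built-in scopes to a client.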

Required User Attributes

  • Family name

  • Given name

  • User name

  • Email

  • Group(s)

Keycloak Guide

For instructions on how to create the custom modelop_client scope and LDAP mapper, please follow the Keycloak: How-to guide.