Configuration of an Keycloak authorization server
Prerequisites
To use Keycloak as an authorization serve,r you must run a Keycloak instance.
Keycloak can be downloaded from downloads - Keycloak.
If you have Docker installed, you can follow this instruction: https://kgs-software.atlassian.net/wiki/spaces/DEV/pages/2048688183.
The following screenshots show you the essential configurations needed to use the Keycloak application as an authentication server.
In this screenshots the different repository.cfg parameter values are marked with their name.
Create a Realm
First we create a new area for CMIS authentication.
The standard configurations of the realm are sufficient for our purposes.
Clicking on "OpenID Endpoint Configuration" will take you to the realm configuration. The URL shown above is the .discovery.url.
Create a Client
Identical to Configuration of an Azure authorization server | Authentication, we need to configure Redirect URIs.
Create a Client Scope
With the client scope we can configure a scope that changes the audience of the access token to the one we have defined. When the user requests a token with this scope, the audience of the token is set correctly.
The scopes must be adjusted under the new client. The new scope must be added under the optional scopes.
Create a User
Finally, we create a user that can be used to request a token from the authentication server.
Here is a realm export of a configured realm: