Keycloak onboarding update (#199)

* update * update * update * update
stakater · Apr 26, 2024 · 3899f07 · 3899f07
1 parent d83fca7
commit 3899f07
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 16 deletions.
diff --git a/content/about/onboarding.md b/content/about/onboarding.md
@@ -20,6 +20,7 @@ This is a complete list of the customer data and permissions needed for getting
 * Configure access to systems
 * On-boarding session and knowledge sharing
 * Configure SSO
+    * Configure [Keycloak IDP](../for-administrators/secure-your-cluster/keycloak-idp.md)
 
 ## Week 2-4 - Application Migration - Time and Material - Optional
 

diff --git a/content/for-administrators/secure-your-cluster/keycloak-idp.md b/content/for-administrators/secure-your-cluster/keycloak-idp.md
@@ -1,18 +1,21 @@
 # Configuring a Keycloak identity provider
 
-In the realm you want to provide access, create a new Client:
-
-- Client ID: `ap-broker`
-- Name: `Stakater Agility Platform - Broker (OR whatever is suitable)`
-- Enabled: `ON`
-- Client Protocol: `openid-connect`
-- Access Type: `Confidential`
-- Standard Flow Enabled: `ON`
-- Service Accounts Enabled: `ON`
-- Authorization Enabled: `ON`
-- Redirect URI: Ask Stakater Support team to provide the redirect URI
-
-Now on the newly created `Client`; go to `Credentials` tab and copy the `Secret` mentioned there. That is the secret Stakater team will be needing in order to authenticate your keycloak.
+The Keycloak instance provided by Stakater is only for managing access to the managed addons of SAAP. To configure a Keycloak identity provider for your own applications:
+
+1. In the realm you want to provide access, create a new Client:
+
+    - Client ID: `ap-broker`
+    - Name: `Stakater Agility Platform - Broker (OR whatever is suitable)`
+    - Enabled: `ON`
+    - Client Protocol: `openid-connect`
+    - Access Type: `Confidential`
+    - Standard Flow Enabled: `ON`
+    - Service Accounts Enabled: `ON`
+    - Authorization Enabled: `ON`
+    - Redirect URI: Ask Stakater Support team to provide the redirect URI
+
+1. On the newly created `Client`, go to the `Credentials` tab and copy the `Secret` mentioned there
+1. Provide Stakater with the copied secret, so Stakater can set up authentication for your Keycloak
 
 ## Items provided by Stakater Support
 

diff --git a/content/help/k8s-concepts/cloud-native-app.md b/content/help/k8s-concepts/cloud-native-app.md
@@ -573,7 +573,7 @@ Considerations for helping to protect access to your app include the following:
 
 The security landscape constantly evolves within an enterprise, making it harder for you to code security constructs in your apps
 
-Stakater App Agility Platform offers Keycloak as fully managed IAM solution to cater all the needs.
+Stakater App Agility Platform offers Keycloak as fully managed IAM solution to support SSO login for managed addons.
 
 ## 16. Dependencies initialization
 

diff --git a/content/managed-addons/nexus/explanation/permissions.md b/content/managed-addons/nexus/explanation/permissions.md
@@ -21,7 +21,7 @@ For human users which login via SSO we have following roles available.
 | `nexus-oauth-viewer`  |nx-repository-view-*-*-browse, nx-repository-view-*-*-read |
 | `nexus-oauth-editor`  |nx-datastores-all, nx-blobstores-all, nx-analytics-all, nx-repository-admin-*-*-* |
 
-On first login you automatically get `nexus-oauth-viewer`. See [Granting Admin privilege to user for nexus on Keycloak](../how-to-guide/how-to-grant-admin-privileges.md) on how to configure admin role with keycloak for nexus.
+On first login you automatically get `nexus-oauth-viewer`. See [Granting Admin privilege to user for Nexus on Keycloak](../how-to-guide/how-to-grant-admin-privileges.md) on how to configure admin role with Keycloak for Nexus.
 
 ### 2. Machine Users
 

diff --git a/content/managed-addons/overview.md b/content/managed-addons/overview.md
@@ -12,7 +12,7 @@ Internal alerting | [Alertmanager](./monitoring-stack/overview.md)
 Service mesh | [Istio, Kiali and Jaeger](./service-mesh/overview.md) (only one fully managed control plane)
 Image scanning | [Trivy](https://github.com/aquasecurity/trivy)
 Backups & Recovery | [Velero](./velero/overview.md)
-Authentication an SSO (for managed addons) | [Keycloak](https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.6), [OAuth Proxy](https://github.com/oauth2-proxy/oauth2-proxy)
+Authentication and SSO (for managed addons - customer applications requires its own customer managed Keycloak instance) | [Keycloak](https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.6), [OAuth Proxy](https://github.com/oauth2-proxy/oauth2-proxy)
 Secrets management | [Vault](./vault/overview.md)
 Artifacts management (Docker, Helm and Package registry) | [Nexus](./nexus/overview.md)
 Code inspection | [SonarQube](./sonarqube/overview.md)