In my test environment I use Keycloak V22.0.3, which has a different UI than the one used in the Connections Keycloak documentation.
If you create a mapper for the client scope roles, the step differs from step 6 "Next create a Client Scope Mapper for realmName in the Keycloak admin portal. Go to {realm} > Client Scopes > roles > Mappers > Create.":
6. Next create a Client Scope Mapper for realmName in the **Keycloak admin portal**. Go to **{realm}** > **Client Scopes** > **roles** > **Mappers** > **Create**.
... because you have to select the mapper by configuration.
So the documentation should be updated as follows:
Next create a Client Scope Mapper for realmName in the Keycloak admin portal. Go to {realm} > Client Scopes > roles > Mappers > Add mapper > by configuration.
Click the entry Hardcoded claim in the list.
Fill in the following fields with the values below and click Save.
a. Name = realmName
b. Token claim name = realmName
c. Claim name = {realm}
The new UI of Keycloak replaces Access Type with Client authentication:
11. **[Optional]** Create additional clients for the Connections mobile and desktop plugins applications. Similar to creating the main Connections client, in the **Keycloak admin portal** go to **Clients** > **Create**. Repeat for each client. <p> See the information and screenshots below for guidance. </p> <section>**Mobile Client** </section> The following creates the Keycloak client for mobile, there is additional Connections configuration required to complete enabling mobile access (see later section). <p> Set the values for the following fields as indicated:</p><p><ol><li>**Client ID** = connections_social_mobile</li><li>**Enabled** = On</li><li>**Client Protocol** = openid-connect</li><li>**Access Type** = public</li><li>**Standard Flow Enabled** = On</li><li>**Implicit Flow Enabled** = Off</li><li>**Direct Access Grants Enabled** = Off</li><li>**Valid Redirect URIs** = com.ibm.ibmscp://com.ibm.mobile.connections/token</li></ol></p><p>Under Advanced Settings, set:</p><ol><li>**Access Token Lifespan** = 60</li><li>**Proof Key for Code Exchange Code Challenge Method** = S256</li></ol>![keycloak_config_oidc_prov_p5.jpg](keycloak_config_oidc_prov_p5.jpg)<section>**Desktop Plugins**</section><p>Both Mac and Windows Desktop plugins use the same Keycloak client as the Mobile that is defined above (connections_social_mobile). Add the following redirect URI to the Valid Redirect URIs list of the Mobile client Valid Redirect URIs: <p><filepath>com.ibm.ibmscp://com.ibm.desktop.connections</filepath></p><p>**Note:** If you are supporting older desktop plugins (pre-21.07): <p><ul><li> Add another Keycloak client with ClientID: conn-dsk-plugin </li><li>Other than ClientID, use the same settings as the mobile Keycloak client </li><li>Add this redirect URI to the Valid Redirect URIs list of the conn-dsk-plugin client: <p>Valid Redirect URIs: <filepath>'com.ibm.ibmscp://com.ibm.desktop.connections' </li></ul></p> </p></p> </p></li>
So the documentation should be updated as follows:
In step 11 the mobile definition has to change:
Set the values for the following fields as indicated:
a. Client ID = connections_social_mobile
b. Enabled = On
c. Client Protocol = openid-connect
d. Client authentication = Off (Note: former Access Type = public)
e. Standard Flow Enabled = On
f. Implicit Flow Enabled = Off
g. Direct Access Grants Enabled = Off
h. Valid Redirect URIs = com.ibm.ibmscp://com.ibm.mobile.connections/token
Source lines referenced above:
connections-doc/v8-cr2/admin/secure/t_keycloak_config_conn_oidc.md, Line 34 in 2d83167 (step 6)
connections-doc/v8-cr2/admin/secure/t_keycloak_config_conn_oidc.md, Line 43 in 2d83167 (step 11)
Please update these steps on this site: Configuring KeyCloak as an OIDC provider for Connections
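
Added example (not part of the original issue or the Connections documentation): a check of an exported Keycloak client JSON against the step 11 mobile client settings, which catches drift such as a redirect URI that differs by one character. The `audit_client` helper and the sample export are constructed for illustration, and the JSON keys are assumed to be those of a Keycloak client export (ClientRepresentation).

```python
import json

# Expected values come from step 11 on this page; the JSON keys are assumed
# to be the ClientRepresentation fields found in a Keycloak client export.
EXPECTED = {
    "enabled": True,
    "protocol": "openid-connect",
    "publicClient": True,  # UI: Client authentication = Off (former Access Type = public)
    "standardFlowEnabled": True,
    "implicitFlowEnabled": False,
    "directAccessGrantsEnabled": False,
}
MOBILE_URI = "com.ibm.ibmscp://com.ibm.mobile.connections/token"
DESKTOP_URI = "com.ibm.ibmscp://com.ibm.desktop.connections"

def audit_client(client):
    """Return a list of deviations from the documented mobile client settings."""
    findings = []
    for key, want in EXPECTED.items():
        if client.get(key) != want:
            findings.append(f"{key}: expected {want!r}, found {client.get(key)!r}")
    pkce = (client.get("attributes") or {}).get("pkce.code.challenge.method")
    if pkce != "S256":
        findings.append(f"pkce.code.challenge.method: expected 'S256', found {pkce!r}")
    uris = client.get("redirectUris") or []
    if MOBILE_URI not in uris:
        findings.append("redirectUris: mobile redirect URI missing")
    for uri in uris:
        # Anything other than the two documented URIs is reported,
        # including wildcard entries and near-misses.
        if uri not in (MOBILE_URI, DESKTOP_URI):
            findings.append(f"redirectUris: unexpected entry {uri!r}")
    return findings

# Constructed sample export: direct access grants left on, PKCE not enforced,
# and a redirect URI that lost its last character.
SAMPLE_EXPORT = json.loads("""{
  "clientId": "connections_social_mobile", "enabled": true,
  "protocol": "openid-connect", "publicClient": true,
  "standardFlowEnabled": true, "implicitFlowEnabled": false,
  "directAccessGrantsEnabled": true,
  "redirectUris": ["com.ibm.ibmscp://com.ibm.mobile.connections/toke"],
  "attributes": {}
}""")

if __name__ == "__main__":
    for finding in audit_client(SAMPLE_EXPORT):
        print(finding)
```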