Create an Olvid Admin Realm
The Olvid Management Console can be accessed by anyone logged into the `master` realm of Keycloak. However, it is recommended to leave the administration of Keycloak itself (and access to the `master` realm) to server administrators and create a dedicated realm for the administration of Olvid and the day-to-day management of Olvid users.
Just as for the Olvid user realm:
- click “Add Realm” at the top left of the administration page
- name this realm something like `olvid_admin`
- adjust the lifespan of tokens to your needs, but the default setting is probably ok for a web application
- no need to create a specific client for authentication here, the default authentication mechanisms will be used
You may create users manually (from either the Keycloak interface or the Olvid management console), add an external Identity Provider, or use LDAP user federation for admins too. If you choose to use local users, you can create admin users directly from the Olvid console.
Unlike the Olvid user realm, you do not need to create a specific client for authentication, as admin users will log in directly from the browser, using the regular Keycloak authentication flow. Do not deactivate the `account` or `account-console` clients for this realm.
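The guidance above can be checked against a realm export. The following is an added example, not part of the Olvid documentation or plugin: it audits a trimmed, constructed export using Keycloak's realm representation fields (`realm`, `enabled`, `accessTokenLifespan`, `clients[].clientId`, `clients[].enabled`). The `audit_admin_realm` name and the 900-second ceiling are assumptions for illustration.

```python
import json

# Constructed sample: a trimmed realm export with one deliberate misconfiguration.
SAMPLE_EXPORT = json.loads("""
{
  "realm": "olvid_admin",
  "enabled": true,
  "accessTokenLifespan": 300,
  "clients": [
    {"clientId": "account", "enabled": true},
    {"clientId": "account-console", "enabled": false},
    {"clientId": "security-admin-console", "enabled": true}
  ]
}
""")

REQUIRED_CLIENTS = ("account", "account-console")  # must stay enabled per the text above

def audit_admin_realm(export, max_token_lifespan=900):
    """Return a list of findings; an empty list means the realm matches the guidance."""
    findings = []
    if export.get("realm") == "master":
        findings.append("admin realm is 'master'; use a dedicated realm")
    if export.get("enabled") is not True:
        findings.append("realm is not enabled")
    clients = {c.get("clientId"): c for c in export.get("clients", [])}
    for cid in REQUIRED_CLIENTS:
        if cid not in clients:
            findings.append(f"client '{cid}' is missing")
        elif clients[cid].get("enabled") is not True:
            findings.append(f"client '{cid}' is disabled")
    lifespan = export.get("accessTokenLifespan")
    if not isinstance(lifespan, int) or lifespan <= 0:
        findings.append("accessTokenLifespan is missing or invalid")
    elif lifespan > max_token_lifespan:  # ceiling is an assumed local policy value
        findings.append(f"accessTokenLifespan {lifespan}s exceeds {max_token_lifespan}s")
    return findings

if __name__ == "__main__":
    for finding in audit_admin_realm(SAMPLE_EXPORT):
        print("FINDING:", finding)
```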