Keycloak

In order to authorize users via an external Keycloak server, it is necessary to add:

Keycloak section to the server configuration file /etc/saymon/saymon-server.conf,
Authentication section to the client configuration file /etc/saymon/saymon-client.yaml.

When logging in, the Login method drop-down list will be displayed, where the user needs to select Keycloak and click the button. The user will be redirected to the Keycloak server, where it is necessary to enter the login and password from their Keycloak account.

Keycloak users' accounts

With the first login of a user, authenticated via Keycloak, their account is automatically created in the system. There is the field Source with the value Keycloak on the tab General for these users. The users are marked with the icon in the list of users.

If the login of a user who is authenticated via Keycloak, is matched with another user’s login, who has been already registered in the system, then the Keycloak user will not be able to log in the system.

By default Keycloak users have the same permissions as any newly created user.

The tab Password change is not available for Keycloak users.

Removing Keycloak users

After removing account of a Keycloak user, the user still can login to the system with their credentials. The account will be created again with default permissions, permissions got from groups will remain.

In order to block login of an Keycloak user to the system it is sufficient to switch their status to Blocked.