Configuring an External Keycloak

---

SEAL Systems products use Keycloak as standard identity provider. Keycloak contains various client configurations for PLOSSYS 5 and SEAL Operator/SEAL Print Client.

If you prefer to use an external Keycloak, you have to configure your external Keycloak for working with SEAL Systems products.

---

Configuring Your External Keycloak

1. Create an new realm by pointing with the mouse to the Master realm on the left upper corner of the window and then click on Add realm.

   

2. In the displayed dialog, enter SEAL as realm name and confirm with Create.

3. Get a private key/certificate pair from your system administration and add it to the created SEAL realm. For this, open the Realm Settings on the left side of the window and in the Keys, tab select Provider.

   

4. Add a new key/certificate pair by clicking on Add keystore on the left above the provider list and select rsa as keystore type.

5. Add the name of the provider, select a priority higher than 100 and upload both, key and certificate file.

   

6. Select the Clients menu item and configure the clients for the created SEAL realm in the identity provider. Finally, it has to look like this:

   

   1. SEAL easyPRIMA:

      1. Create an easyPRIMA client entry by clicking on Create in the right upper corner of the client list and enter seal-easyprima as client id. Confirm with Save.

      2. Enter the client configuration data as shown in the picture below:

         

   2. PLOSSYS Administrator:

      1. Create a PLOSSYS Administrator client entry by clicking on Create in the right upper corner of the client list and enter seal-plossysadmin as client id. Confirm with Save.

      2. Enter the client configuration data as shown in the picture below, but replace localhost by the real PLOSSYS 5 host name.

         

   3. PLOSSYS CLI:

      1. Create a PLOSSYS CLI entry by clicking on Create in the right upper corner of the client list and enter seal-plossyscli as client id. Confirm with Save.

      2. Enter the client configuration data as shown in the picture below:

         

   4. PLOSSYS DocPrint:

      1. Create a PLOSSYS DocPrint client entry by clicking on Create in the right upper corner of the client list and enter seal-mobile-print as client id. Confirm with Save.

      2. Enter the client configuration data as shown in the picture below:

         

   5. SEAL OP-CLI:

      1. Create a SEAL OP-CLI client entry by clicking on Create in the right upper corner of the client list and enter seal-opcli as client id. Confirm with Save.

      2. Enter the client configuration data as shown in the picture below:

         

   6. SEAL Operator:

      1. Create an Operator client entry by clicking on Create in the right upper corner of the client list and enter operator as client id. Confirm with Save.

      2. Enter the client configuration data as shown in the picture below:

         

   7. SEAL Operator/SEAL Print Client:

      1. Create a SEAL Operator/SEAL Print Client entry by clicking on Create in the right upper corner of the client list and enter seal-print-client as client id. Confirm with Save.

      2. Enter the client configuration data as shown in the picture below, but replace localhost by the real SEAL Operator/SEAL Print Client host name:

         

7. Provide the following data to set up SEAL Operator/SEAL Print Client and PLOSSYS 5 clients:

   • issuer url
   • issuer name
   • all client id's
   • all client secrets

   Usually this part of the configuration is done in the form of environment variables on the client side. You will find an example in Configuring Other Identity Providers.

---