VMware Telco Cloud Service Assurance can store and manage users. You can point Keycloak to validate credentials against external user stores, such as an LDAP directory, and synchronize the identity information.
Procedure
- Go to https://<Telco-Cloud-Service-Assurance-UI-IP>.
A typical default URL for logging in to the user interface from the same system on which VMware Telco Cloud Service Assurance is installed is https://10.x.x.x.
- On the login screen, enter your user name and password.
- Click Next.
The VMware Telco Cloud Service Assurance user interface opens.
- Navigate to Administration > Access > User Federation.
- To add a provider, click Add and provide the following information:

Table 1.

| Input Parameter | Description | Default Value |
| --- | --- | --- |
| Control | | |
| Display Name | Provide the provider name. | NA |
| Enabled | Toggle Enabled to ON to allow the provider to be considered in queries. | ON |
| Priority | Provide a number. This number determines the priority of the provider. | 0 |
| Import Users | Toggle Import Users to OFF to let the provider control the storage mode. | OFF |
| Edit Mode | Select the user LDAP privileges from the following: Read_Only: the mapped attributes are not editable; Writable: the mapped attributes are synched back to LDAP on demand; Unsynced: the mapped attributes can be imported, but cannot be synched back to LDAP. | READ_ONLY |
| Sync Registrations | Toggle Sync Registrations to ON if you want new users created by Keycloak to be added to LDAP. | OFF |
| Vendor | Select an LDAP vendor. | Active Directory |
| Username LDAP attribute | Provide the name of the LDAP attribute that holds the user name. | CN |
| RDN LDAP attribute | Provide the same value as Username LDAP attribute. | CN |
| UUID LDAP attribute | Provide the attribute that is the unique object identifier for objects in LDAP. | NA |
| User Object Classes | Provide all the values of the LDAP object class attribute for users in the LDAP, separated by commas. | * |
| Users DN | Provide the full distinguished name (DN) of the LDAP subtree where your users are. | ou=users,dc=tco,dc=com |
| Connection URL | Provide the connection URL of your LDAP server, and test the connection. | ldap://<fqdn of LDAP> |
| Custom User LDAP Filter | Provide a custom user LDAP filter to filter the searched users. | NA |
| Search Scope | Select the search scope from the drop-down: One level: the search applies only to users directly under the specified DN; Subtree: the search applies to the whole subtree. | One level |
| Bind Type | Select the authentication method used during the LDAP bind. | Simple |
| Bind DN | Provide the DN of the LDAP admin. Keycloak uses it to access the LDAP server. | cn=ldapadmin,ou=users,dc=tco,dc=com |
| Bind Credential | Provide the password of the LDAP admin. | NA |
| Advance Settings | | |
| Enable StartTLS | Toggle Enable StartTLS to ON to let the provider use TLS on the connection. | NA |
| Enable the LDAPv3 Password Modify Extended Operation | Toggle Enable the LDAPv3 Password Modify Extended Operation to ON. | NA |
| Validate Password Policy | Toggle Validate Password Policy to ON to let the provider validate the password policy. | NA |
| Trust Email | Toggle Trust Email to ON. | NA |
| Use Truststore SPI | Specifies whether the LDAP connection uses the trust store SPI. Select from: Always; Only for LDAP; Never. | NA |
| Connection Timeout | Provide the LDAP connection timeout in milliseconds. | NA |
| Read Timeout | Provide the LDAP read timeout in milliseconds. This timeout applies to LDAP read operations. | NA |
| Pagination | Toggle Pagination to ON if the LDAP server supports pagination. | NA |

- Click Next.
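As an added example (not part of the VMware documentation or of Keycloak), a small Python check over the parameters from the table, flagging the settings a security reviewer would send back before clicking Next: an ldap:// Connection URL without StartTLS, an empty Bind Credential on a simple bind, a malformed DN, and a Custom User LDAP Filter that is not enclosed in parentheses. The host name and credential values are constructed placeholders.

```python
from urllib.parse import urlparse

# Constructed sample values (not from the page): the form fields as entered.
WEAK = {
    "Connection URL": "ldap://ldap.example.internal",  # hypothetical host
    "Enable StartTLS": False,
    "Bind Type": "simple",
    "Bind DN": "cn=ldapadmin,ou=users,dc=tco,dc=com",
    "Bind Credential": "",
    "Users DN": "ou=users,dc=tco,dc=com",
    "Custom User LDAP Filter": "objectClass=person",
}
# Same provider with the three weak settings corrected.
HARDENED = dict(WEAK, **{
    "Enable StartTLS": True,
    "Bind Credential": "placeholder-secret",  # placeholder, not a real value
    "Custom User LDAP Filter": "(objectClass=person)",
})

def _is_dn(value):
    """Loose DN syntax check: every comma-separated RDN must be attr=value."""
    return bool(value) and all(
        "=" in rdn and rdn.split("=", 1)[1] for rdn in value.split(","))

def check_federation_config(cfg):
    """Return a list of findings; an empty list means nothing weak or invalid."""
    findings = []
    url = urlparse(cfg.get("Connection URL", ""))
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        findings.append("Connection URL must be ldap://host or ldaps://host")
    elif url.scheme == "ldap" and not cfg.get("Enable StartTLS"):
        findings.append("ldap:// without StartTLS sends the bind credential "
                        "and user passwords in cleartext")
    if cfg.get("Bind Type", "simple").lower() == "simple" \
            and not cfg.get("Bind Credential"):
        findings.append("simple bind with an empty Bind Credential is an "
                        "unauthenticated bind on most LDAP servers")
    for key in ("Bind DN", "Users DN"):
        if not _is_dn(cfg.get(key, "")):
            findings.append(f"{key} is not a valid DN")
    flt = cfg.get("Custom User LDAP Filter", "")
    if flt and not (flt.startswith("(") and flt.endswith(")")):
        findings.append("Custom User LDAP Filter must be enclosed in "
                        "parentheses, for example (objectClass=person)")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, check_federation_config(cfg))
```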