Integrating with Keycloak

    Available in Classic and VPC

    This section describes how to integrate Keycloak, an open-source user account and permission management solution, with NAVER Cloud Platform. Users within the organization can log in to the NAVER Cloud Platform console with their existing Keycloak accounts and use services within the permissions granted to them.

    NAVER Cloud Platform accounts and Keycloak accounts are integrated in the following order:

    1. Copy Keycloak metadata
    2. Register external IdP information on NAVER Cloud Platform
    3. Configure Keycloak authentication
    4. Configure NAVER Cloud Platform authentication
    5. Verify integration

    1. Copy Keycloak metadata

    1. Access Keycloak and log in.
    2. Click the dropdown box at the top left of the page and then click the [Add realm] button.
    3. Enter a name in Name and then click the [Create] button.
    4. Click the Realm Settings menu on the left of the page, then click the SAML 2.0 Identity Provider Metadata link in the [General] tab.
    5. Copy the SAML metadata.

    2. Register external IdP information on NAVER Cloud Platform

    The following describes how to register Keycloak metadata on NAVER Cloud Platform.

    1. Click the environment you are using in the Region menu and Platform menu of the NAVER Cloud Platform console.
    2. Click Services > Management & Governance > Ncloud Single Sign-On, in that order.
    3. In the Tenant menu, click the [Register External IdP] button.
    4. In the Metadata section, paste the metadata copied in Copy Keycloak metadata, then click the [Save] button.
      • The sub-information will be entered automatically.
    5. Click the [Register] button.
    6. In the External IdP login area of the Tenant menu, click the Service Provider Metadata button.
    7. Click the [Download] button.

    3. Configure Keycloak authentication

    This section describes how to create a client to perform authentication in Keycloak, add users to be integrated with NAVER Cloud Platform, and define the user attribute information necessary for authentication.

    Create client

    The following describes how to create a client.

    1. Access Keycloak and click the Clients menu on the left of the page.
    2. Click the [Create] button.
    3. Click the [Select file] button in the Import section.
    4. Upload the metadata file downloaded during Register external IdP information on NAVER Cloud Platform.
      • Once the metadata file is uploaded, values are automatically entered in the Client ID information and Client Protocol fields.
    5. In Client SAML Endpoint, input the Assertion Consumer Service (ACS) URL information copied from Copy SAML integration information.
    6. Click the [Save] button.
    7. Enter a name in Name and a brief description in Description, then click the [Save] button.

    Copy SAML integration information

    To integrate Ncloud Single Sign-On service and IdP, you need the Assertion Consumer Service (ACS) URL information, which is the endpoint to receive the SAML response from IdP, and the Issuer URL information to identify the IdP.

    The following describes how to confirm the ACS URL and Issuer URL of NAVER Cloud Platform.

    1. Click the environment you are using in the Region menu and Platform menu of the NAVER Cloud Platform console.
    2. Click Services > Management & Governance > Ncloud Single Sign-On, in that order.
    3. Copy the following information from the External IdP Metadata section in the Tenant menu.
      • Assertion Consumer Service (ACS) URL
      • Issuer URL

    Configure Attribute Mapper

    To map Keycloak user profiles to the Ncloud Single Sign-On service, define the user attribute information to be transferred from Keycloak to NAVER Cloud Platform.

    Note

    This guide explains the user attributes primarily used in authentication: FirstName, LastName, and Email.

    The following shows how to define user attribute information in Keycloak.

    1. Log in to Keycloak and click the Client menu on the left of the page.
    2. Click the [Edit] button of the client where the user will be set up.
    3. Click the [Mappers] tab.
    4. Click the [Create] button.
    5. Enter the user attribute information to be connected.
      • Name: attribute name
      • Mapper Type: select User Property
      • Property: enter "email"
      • Friendly Name: name to display to the user if the attribute name is encrypted. Optional item
      • SAML Attribute Name: enter "email"
      • SAML Attribute NameFormat: select Unspecified
    6. Click the [Save] button.
    7. Add firstName, lastName attributes in the same manner.

    Note

    "SAML Attribute Name" is the value to be entered in External IdP Parameter during the Attribute Mapper setting in user profile management of Ncloud Single Sign-On service.

    Add Keycloak users

    1. Click the User menu at the left side of the page.
    2. Click the [Add user] button.
    3. Enter user name in Username and the email to be integrated in Email.
      • Keycloak does not require an email, but because the Ncloud Single Sign-On service recognizes the email as the NameID, you must enter it.
    4. Click the [Save] button.
      • You will be directed to the user list page.
    5. Click the ID created in the user list.
    6. Set the user’s password in the [Credentials] tab, then click the [Set password] button.
    7. When the Set password popup appears, click the [Set password] button.
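
    The following added example (not part of the original guide or of either product) checks a decoded SAML assertion against the settings above: the email, firstName and lastName attributes are present with the Unspecified NameFormat, and the NameID is the user's email. The sample assertion and the function names are constructed for illustration; the check covers the mapping only and does not validate the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
REQUIRED = ("email", "firstName", "lastName")  # SAML Attribute Names set in the mappers

def attr_xml(name, value):
    # Builds one constructed <Attribute> element for the sample below.
    return (f'<saml:Attribute Name="{name}" NameFormat="{UNSPECIFIED}">'
            f'<saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>')

# Constructed sample assertion (illustrative values, not captured from a real tenant).
SAMPLE = (f'<saml:Assertion xmlns:saml="{NS["saml"]}">'
          '<saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>'
          '<saml:AttributeStatement>'
          + attr_xml("email", "alice@example.com") + attr_xml("firstName", "Alice")
          + attr_xml("lastName", "Kim") + '</saml:AttributeStatement></saml:Assertion>')

def check_assertion(xml_text):
    """Return a list of mapping problems; an empty list means the mapping matches."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD declarations rejected"]  # SAML messages never need a DTD
    root = ET.fromstring(xml_text)
    assertion = root
    if root.tag != f'{{{NS["saml"]}}}Assertion':  # assertion wrapped in a Response
        assertion = root.find(".//saml:Assertion", NS)
    if assertion is None:
        return ["no saml:Assertion element found"]
    attrs = {}
    for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        value = a.findtext("saml:AttributeValue", default="", namespaces=NS) or ""
        attrs[a.get("Name")] = (value.strip(), a.get("NameFormat"))
    problems = []
    for name in REQUIRED:
        if name not in attrs:
            problems.append(f"missing attribute: {name}")
        elif not attrs[name][0]:
            problems.append(f"empty attribute: {name}")
        elif attrs[name][1] not in (None, UNSPECIFIED):  # omitted means unspecified
            problems.append(f"unexpected NameFormat on {name}")
    name_id = (assertion.findtext("saml:Subject/saml:NameID", default="",
                                  namespaces=NS) or "").strip()
    email = attrs.get("email", ("", None))[0]
    if "@" not in name_id:
        problems.append("NameID is not an email address")
    elif email and name_id.lower() != email.lower():
        problems.append("NameID differs from the email attribute")
    return problems
```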

    4. Configure NAVER Cloud Platform authentication

    This section describes how to register the Keycloak account to be integrated with the NAVER Cloud Platform console and then map user profiles.

    Add SSO User

    You need to create an SSO User in the Ncloud Single Sign-On service using the email information of the user created in the Add Keycloak users step.

    The following describes how to add an SSO User in Ncloud Single Sign-On service on NAVER Cloud Platform.

    1. Click the environment you are using in the Region menu and Platform menu of the NAVER Cloud Platform console.
    2. Click Services > Management & Governance > Ncloud Single Sign-On menus.
    3. Click External IdP login > Users > [Create User] button.
    4. Enter the email address of the user created in Add Keycloak users in login ID, then click the [Create] button.

    Note

    For how to create an SSO User in Ncloud Single Sign-On service, see Users.

    Configure Attribute Mapper

    The following shows how to link the user attribute information set in Keycloak to the user attribute information of the Ncloud Single Sign-On service.

    1. Click the environment you are using in the Region menu and Platform menu of the NAVER Cloud Platform console.
    2. Click Services > Management & Governance > Ncloud Single Sign-On menus, in that order.
    3. Click the Tenant menu.
    4. Click the [Attribute Mapper] button in the User profile management area.
    5. When the Attribute Mapper page appears, enter the SAML Attribute Name values registered in Configure Attribute Mapper on Keycloak in External IdP Parameter.
    6. In Sync mode, set the user profile update method.
      • None: the user profile is not updated.
      • Import: the user profile is updated only upon first login.
      • Force: the user profile is updated at every login.
    7. Click the [Save] button.

    5. Verify integration

    The following describes how to verify that the Keycloak account and the NAVER Cloud Platform account are integrated.

    1. Click the environment you are using in the Region menu and Platform menu of the NAVER Cloud Platform console.
    2. Click Services > Management & Governance > Ncloud Single Sign-On, in that order.
    3. Copy the Login URL from the Tenant menu, then access the URL.
    4. When the login window appears, enter the email and password, then click the [Sign In] button.
      • The SSO role switch page will appear.
    5. Click the [Console access] or [API access] button on the SSO role switch page.
      • Depending on the access type set for the logged-in SSO User, the [Console access] or [API Gateway access] button will appear.
    6. Click the Services > Management & Governance > Ncloud Single Sign-On > External IdP login > User menu.
    7. Click the [Profile] tab in the detailed information of the logged-in SSO User, then check if the user profile has been updated.
