Enable Keycloak Auth

Verify Keycloak is running

  1. Confirm the Keycloak pod is running:

    kubectl get pods
    
  2. Set up port forwarding:

    kubectl --namespace default port-forward "<pod_name>" 8080
    
  3. Log in to the Keycloak web UI as an admin.

Create the NBS users realm

  1. In the top-left menu, select Create realm.

  2. Upload or paste charts/keycloak/extra/02-nbs-users-realm.json and click Create.

  3. Verify the new realm exists.
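
An added check for this step (not part of the original page or the project's code): with the port-forward still open, it confirms that the nbs-users realm serves an OIDC discovery document whose issuer and endpoints sit under the realm URL. It assumes Keycloak is reachable at http://localhost:8080 with no legacy /auth path prefix; the function names and the sample document are constructed for illustration.

```python
"""Added example: sanity-check the nbs-users realm's OIDC discovery document."""
import json
import sys
import urllib.request

REALM = "nbs-users"                 # realm name used on this page
BASE_URL = "http://localhost:8080"  # assumption: the port-forward from the first section
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def realm_url(base_url=BASE_URL, realm=REALM):
    # Assumption: current Keycloak layout with no legacy "/auth" path prefix.
    return f"{base_url.rstrip('/')}/realms/{realm}"


def check_discovery(doc, base_url=BASE_URL, realm=REALM):
    """Return a list of problems; an empty list means the document is consistent."""
    expected = realm_url(base_url, realm)
    problems = []
    if doc.get("issuer") != expected:
        problems.append(f"issuer is {doc.get('issuer')!r}, expected {expected!r}")
    for key in ENDPOINT_KEYS:
        value = doc.get(key, "")
        if not value.startswith(expected + "/"):
            problems.append(f"{key} {value!r} is not under {expected}")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow is not advertised")
    return problems


def fetch_discovery(base_url=BASE_URL, realm=REALM, timeout=5):
    url = realm_url(base_url, realm) + "/.well-known/openid-configuration"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)


# Constructed sample shaped like a realm discovery document, for offline runs.
_OIDC = realm_url() + "/protocol/openid-connect"
SAMPLE = {
    "issuer": realm_url(),
    "authorization_endpoint": _OIDC + "/auth",
    "token_endpoint": _OIDC + "/token",
    "jwks_uri": _OIDC + "/certs",
    "response_types_supported": ["code", "id_token", "code id_token"],
}

if __name__ == "__main__":
    doc = fetch_discovery() if "--live" in sys.argv else SAMPLE
    found = check_discovery(doc)
    print("\n".join(found) or "discovery document is consistent with the realm")
    sys.exit(1 if found else 0)
```

Run it with `--live` to query the port-forwarded Keycloak; without the flag it checks the embedded sample.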

Import base users and clients

  1. Select the nbs-users realm, then go to Realm settings > Action > Partial Import.

  2. Upload or paste charts/keycloak/extra/03-nbs-users-base-users.json, select the 3 users, and click Import.

  3. Upload or paste charts/keycloak/extra/04-nbs-users-development-clients.json, select the 1 client, and click Import.

Configure the NBS gateway

OIDC must be enabled when deploying modernization-api and nbs-gateway. This is configured during Microservices Deployment, not here.

  1. In the nbs-users realm, go to Clients > nbs-modernization > Credentials > Client Secret.

  2. Copy the client secret and update charts/nbs-gateway/values.yaml under the oidc settings.

Set the login theme

You may use the pre-populated NBS login theme, keep the default, or create your own. The Keycloak Helm chart loads a sample theme in a persistent volume mounted at /opt/keycloak/themes/nbs.

  1. Select the nbs-users realm.
  2. Go to Realm settings > Themes > Login and select your preferred theme.


© Centers for Disease Control and Prevention (CDC). All Rights Reserved.