This article is the fourth in a series of six and discusses the onboarding of users to a CDP environment using Keycloak as an Identity Provider (IdP). Keycloak supports the SAML 2.0 protocol and enables identity federation with CDP, allowing users to log in through Keycloak authentication without registering with Cloudera.
To deploy Keycloak, you need to set up an AWS EC2 instance with the required specifications and install Docker Compose. Once the instance is ready, you can deploy Keycloak and open the Keycloak Admin Console to configure it.
If you prefer to use the Keycloak web interface, you can create a Realm in Keycloak, download the SAML metadata file, and disable the SSL requirement. Then, in the CDP Console, you can create an Identity Provider using the downloaded metadata file and create a client for the CDP Control Plane in Keycloak. Finally, you can manage users and groups through the Keycloak Admin Console.
Alternatively, if you prefer a terminal-based approach, you can follow a set of steps to configure Keycloak from the command line. This approach is better suited to users already familiar with Keycloak or to automating the process. The steps involve logging in to the EC2 instance, creating credentials and logging in to the master realm, creating the Realm and downloading its SAML metadata, registering Keycloak in CDP as an Identity Provider, creating a client for the CDP Control Plane, creating users and groups, and finally logging in to test the setup.
Both approaches provide a way to onboard users to a CDP environment using Keycloak as an Identity Provider.
