WIP!
SSL Keycloak is an identity provider for SSL users in the eHealth infrastucture.
Each SSL Organization in the eHealth infrastucture will have a realm
in SSL Keycloak. Administrators can manage users on these realms.
Managing Users
This section is a guide for administrators. In this guide we will use Trifork as an example SSL Organization.
Prerequisites:
a realm on SSL Keycloak called
trifork
an admin user on the
trifork
-realm:trifork_admin
To log in to the administration console go to ssl-login.<base-url>/auth/auth/trifork/admin
. Note that the name of the realm is part of the URL. Enter the credentials and click Log in.
On the Users page, administrators are able to view, search for, add, edit, and delete users.
To add a new user, click on Add user.
Fill out the Add user form with Username, Email, First Name, and Last Name. Click Save.
The user has been created. Now we need to set up the users credentials. Click on the Credentials tab.
There are two options for configuring credentials. Either create a temporary password, or let SSL Keycloak take care of it by sending an email to the newly created user. We recommend the last option.
In the Credential Reset section, select Verify Email
, and Update Password
in the Reset Actions input field. Set expiry to the desired amount. Click on Send email.
Confirm by clicking Send Email.
A pop-up confirms that the email was sent.
Now we need to configure the privileges of the user. Click on the Attributes tab.
Add an attribute with key dk:gov:saml:attribute:Privileges_intermediate
and value is a Base 64 encoded OIO Basic Privilege Profile XML document.