Introduction
Keycloak is an open-source identity and access management solution that enables Single Sign-On (SSO), user federation, and centralized authentication for applications and services. This section explains how we set up and use the Keycloak application.
Tip
Have a look at the following presentation. It explains Keycloak and its advantages and can be used both internally and externally as information material: Security Infrastructure Improvement with Keycloak
Overview
Purpose
This document explains how to set up the Single Sign-On (SSO) login method based on the Keycloak application.
Important
Activating SSO changes the authentication process in Flight Deck. Instead of entering a password directly, users are redirected to Keycloak. After a successful login, Flight Deck receives an SSO token for back-end authorization.
Scope
Covered
- Keycloak installation and start-up
- Realm creation and import
- Client credential creation
- Password policy and mail configuration
- Integration with MIDGARD (MG), KRONOS AS (KR), KRONOS PH (EOS), Tour Operator Portal (TOP), and ASGARD
Not covered
- Activating QC SSO Login in Flight Deck (see the link in References & Links)
Audience
- Infrastructure administrators
- Core Team / system engineers
- Service owners (TSQA, OPS) integrating MG, KR, EOS, TOP, and ASGARD with SSO
SSO Terminology
| Term | Description |
|---|---|
| Single Sign-On (SSO) | Log in once and use that session to access multiple applications. |
| Identity Provider (IdP) | The server application that handles authentication (e.g., MS Azure, JumpCloud, Keycloak). |
| Token | Returned after successful authentication; used to access APIs (equivalent to a password). |
| Service Provider (SP) | The application (e.g., MIDGARD) that validates the token to authorize API access. |
| User Federation | Keycloak configuration to forward user authentication to another service (e.g., LDAP). |
| Realm | Keycloak configuration for a single environment, including user federation, password policy, SMTP server, API user passwords, and valid origins. |
Changelog
| Date | Author | Message |
|---|---|---|
| 2026-03-06 | aresnikowa | qc-0: postediting |
| 2026-03-04 | aresnikowa | qc-0: postediting |
| 2026-03-04 | aresnikowa | QC-47927: aligned with the template, mkDocs formatting alignment |
| 2026-02-26 | aresnikowa | qc-0: How to reuse content |