Skip to content

Sso

Single Sign-On (SSO)

Keycloak

Metaport is ready for use with Keycloak, an excellent Open Source IAM platform which supports dozens of authentication backends, protocols and authentication flows.

Metaport is Keycloak-ready for OAuth/OIDC using the following configuration.

Environment Variables

The following variables can be seen in-use via the .env.example file available from the Gitlab repository but are reproduced here with terse comments.

  • KEYCLOAK_URL The FQN of your Keycloak server - including scheme and port, e.g. KEYCLOAK_URL=http://192.168.1.244:18080.
  • KEYCLOAK_REALM Keycloak permits segmented authentication boundaries. The default realm is "master", e.g. KEYCLOAK_REALM=master.
  • KEYCLOAK_CLIENT_ID Within a realm, a virtual client is configured to act on behalf of an app, or collection of apps, e.g. KEYCLOAK_CLIENT_ID=122345abce
  • KEYCLOAK_CLIENT_SECRET This is generated for you by Keycloak upon creating a client.
  • KEYCLOAK_REDIRECT_URI This is the FQN where the Keycloak client should redirect when logging-in users, e.g. KEYCLOAK_REDIRECT_URI=https://metaport.mydomain.com/oauth/callback.

Tip

Review the development docs to see a Keycloak client example setup to talk to an OpenLDAP server.

Note

With the environment variable KEYCLOAK_REALM set, this will signal to Metaport to hide the registration form, even if the REGISTRATION_ENABLED variable is also set.

Microsoft Entra ID

Microsoft Entra ID integration is under consideration.

Auth0

Auth0 integration is under consideration.

Google

For on-premise setups, enable registration and login through Google with the following optional environment variables.

Environment Variables

GOOGLE_SSO_CLIENT_ID=<my_google_oauth_client_id>
GOOGLE_SSO_CLIENT_SECRET=<my_google_client_secret>
GOOGLE_SSO_REDIRECT_URI=https://my.metaport.xyz/oauth/callback

Github

For on-premise setups, enable registration and login through Google with the following optional environment variables.

Environment Variables

GITHUB_SSO_CLIENT_ID=<my_github_oauth_client_id>
GITHUB_SSO_CLIENT_SECRET=<my_github_client_secret>
GITHUB_SSO_REDIRECT_URI=https://my.metaport.xyz/oauth/callback