Keycloak provides open source identity and access management and can be integrated with
HCL Compass to support Single Sign On (SSO)
in HCL Compass.
Before you begin
Note: Using HCL Compass on Docker
and Docker Compose is not supported when deployed in a production environment. To use HCL
Compass in a container in a production environment, deploy HCL Compass to a Kubernetes
environment. For more information, see
Deploying HCL Compass on SoFy Sandbox.
To install and
deploy Single Sign On for
HCL Compass,
note the following:
Procedure
-
Create a new folder named path/to/your/keycloak-json and copy the
keycloak.json file in this folder.
$ mkdir /path/to/your/keycloak-json
$ cp keycloak.json /path/to/your/keycloak-json/.
-
Add the following settings to the hcl-compass docker run command, as described in Getting started with Docker.
- Enable SSO
- Add the SSO_CONFIG_SET environment variable and provide SSO configuration for
each database repository during deployment of the HCL Compass Container.
- Mount the path/to/your/keycloak-json folder to the hcl-compass container
location
/opt/hcl/compass/compass-rest-server-distribution/data/keycloak.
--env SSO_ENABLED=TRUE \
--env SSO_CONFIG_SET=(\"SSO_CONFIG_1\"\"SSO_CONFIG_2\" ..... \"SSO_CONFIG_n\") \
-v /path/to/your/keycloak-json/:/opt/hcl/compass/compass-rest-server-distribution/data/keycloak \
- Each SSO configuration
SSO_CONFIX_x
must be set with the following
format:-username [Username] -password [User password] -dbset [dbset_name] -ssousername [sso_user_name]
- The following example illustrates the proper configuration for a two SSO configuration. In this
case, one is for DefectTracking-SAMPL and the other is for EssentialSAFe-SAMPL repository
applications:
--env SSO_CONFIG_SET="(\" -username admin -password \"\" -dbset DefectTracking -ssousername SSO_USER\" \"-username admin -password \"\" -dbset EssentialSAFe -ssousername SSO_USER\")"
Note: The
value for [sso_user_name]
should be an internal name provided by the administrator.
This name should be unique and should not be used for any other function in HCL Compass.
-
Enter https://localhost:8190/ in a browser to see the HCL Compass application running with Single Sign On
functionality.