Home
Administration
Here you will find the tasks that are required for administration of your HCL Link product.
Keycloak
This documentation describes about the Keycloak functionality.
User Administration
After you install Keycloak, you must consider how the software manages users and authentication.
Runtime REST API
Runtime REST API supports Keycloak authentication of user credentials for running maps and flows. Like Link, Runtime REST API can be configured to authenticate users with Keycloak.
Connecting Runtime REST API server
This topic documents how to set up connection between Keycloak and Runtime REST API server.

Administration
Here you will find the tasks that are required for administration of your HCL Link product.
- User Management
  HCL Link provides inbuilt support for managing users who may create, deploy and run integrations.
- Keycloak
  This documentation describes about the Keycloak functionality.
  - Introduction
    Keycloak is an open-source identity and Access Management solution. It is a single sign-on security application for web applications and RESTful web services. Link and Runtime REST API supports Keycloak solution of user administration and authorization.
  - Installation
    To install Keycloak refer to the latest “Getting Started” documentation available on the Keycloak product website.
  - User Administration
    After you install Keycloak, you must consider how the software manages users and authentication.
    - Default User Administration
      Keycloak uses the concept of a realm to manage and authenticate users. When you install the Keycloak server, a realm called testserver is created for you in Keycloak. All server users belong to this realm and when they log in to the server, they log into that realm.
    - LDAP User Authentication
      You are using a Lightweight Directory Access Protocol and Active Directory HTTP server to manage users and authentication. You want to know the best practices to use that LDAP/AD server to manage user access to Link.
    - Runtime REST API
      Runtime REST API supports Keycloak authentication of user credentials for running maps and flows. Like Link, Runtime REST API can be configured to authenticate users with Keycloak.
      - Connecting Runtime REST API server
        This topic documents how to set up connection between Keycloak and Runtime REST API server.
- Account recovery
  These instructions describe how to use the Administrators' account recover utility to recover account information for both Windows and Linux accounts.

Connecting Runtime REST API server

This topic documents how to set up connection between Keycloak and Runtime REST API server.

Procedure

Install Link or Runtime & Monitoring.
In Keycloak, make sure that Keycloak Auth Enabledis set to true.

In text editor, open config.yaml to confirm the connectivity information. You can see the below information and update as appropriate to your environment:

##############################
### Keycloak Configuration ###
##############################
keycloak:
  # Previously: authentication.keycloak.enabled, HIP_KEYCLOAK_AUTH_ENABLED
  enabled: false

  # Specify the Keycloak server in the format {protocol}://{host}:{port}.
  # For example:
  #   http://keycloak-0:8080
  # Previously: authentication.keycloak.serverUrl, HIP_KEYCLOAK_SERVER_URL
  serverUrl: ""

  # Previously: authentication.keycloak.realmId, HIP_KEYCLOAK_REALM_ID
  realmId: "link"

Run Runtime REST API server to service REST client calls.
REST clients invoking the Runtime REST API should include the user credentials that can be authenticated with Keycloak to run the maps or flows, or to fetch any runtime information.