Creating a Talend Administration Center application on Keycloak
This article explains how to create a Talend Administration Center application on the Keycloak identity provider system. It enables users to authenticate through a single sign-on (SSO) point on Keycloak rather than with individual applications on different platforms.
Before you begin
- a realm is created,
- a user is created (with the Security Administrator role if the role mapping feature is not used),
- the user session is open on the Keycloak web platform.
Select the Client menu and create a Client:
- ID: tac
- Protocol: saml
From the Settings tab, set parameters as follows:
- change Name ID Format to email
- enable Always Display in Console and Sign Assertions
- set IDP Initiated SSO URL Name to tac. The realm URL is now displayed below.
- extract /realms/myrealm/protocol/saml/clients/tac from this URL and paste it in the Base URL field
- set the Assertion Consumer Service POST Binding URL to http://localhost:8080/org.talend.administrator/ssologin. Then click Save.
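One way to confirm the client ended up with the settings listed above, as an added example that is not part of the original article or of Talend's or Keycloak's code: it audits a client JSON export from the Keycloak admin console against those values and flags a plain-HTTP Assertion Consumer Service URL on anything other than a loopback host. The two sample exports are constructed, the attribute keys are the ones Keycloak writes in a SAML client export, and the host tac.example.internal is hypothetical.

```python
import json
from urllib.parse import urlparse
# Expected client attributes, taken from the settings listed above.
EXPECTED_ATTRS = {
    "saml_name_id_format": "email",            # Name ID Format
    "saml.assertion.signature": "true",        # Sign Assertions
    "saml_idp_initiated_sso_url_name": "tac",  # IDP Initiated SSO URL Name
}
ACS_KEY = "saml_assertion_consumer_url_post"
ACS_PATH = "/org.talend.administrator/ssologin"
BASE_URL_SUFFIX = "/realms/myrealm/protocol/saml/clients/tac"

def audit_client(export):
    """Return a list of findings; an empty list means the export matches."""
    findings = []
    attrs = export.get("attributes", {})
    if export.get("clientId") != "tac" or export.get("protocol") != "saml":
        findings.append("client is not the SAML client 'tac'")
    if export.get("alwaysDisplayInConsole") is not True:
        findings.append("Always Display in Console is disabled")
    for key, want in EXPECTED_ATTRS.items():
        if attrs.get(key) != want:
            findings.append(f"{key}={attrs.get(key)!r}, expected {want!r}")
    if not str(export.get("baseUrl", "")).endswith(BASE_URL_SUFFIX):
        findings.append("Base URL does not end with " + BASE_URL_SUFFIX)
    acs = urlparse(attrs.get(ACS_KEY, ""))
    if acs.path != ACS_PATH:
        findings.append("ACS POST URL does not target " + ACS_PATH)
    # Plain HTTP is acceptable only for a loopback setup like the page's.
    if acs.scheme != "https" and acs.hostname not in ("localhost", "127.0.0.1"):
        findings.append("ACS POST URL uses plain HTTP on a non-local host")
    return findings

# Constructed sample export matching the page's settings.
GOOD = json.loads("""{
  "clientId": "tac", "protocol": "saml", "alwaysDisplayInConsole": true,
  "baseUrl": "/realms/myrealm/protocol/saml/clients/tac",
  "attributes": {
    "saml_name_id_format": "email", "saml.assertion.signature": "true",
    "saml_idp_initiated_sso_url_name": "tac",
    "saml_assertion_consumer_url_post": "http://localhost:8080/org.talend.administrator/ssologin"
  }
}""")
# Constructed misconfiguration: unsigned assertions, HTTP ACS on a remote host.
BAD = json.loads(json.dumps(GOOD))
BAD["attributes"]["saml.assertion.signature"] = "false"
BAD["attributes"][ACS_KEY] = "http://tac.example.internal:8080" + ACS_PATH
if __name__ == "__main__":
    for name, export in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_client(export) or "matches the documented settings")
```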
Configuring Talend Administration Center in IdP-initiated mode with Keycloak
This section describes the configuration steps in Talend Administration Center for SSO with Keycloak as Identity Provider.
On the Keycloak web platform, download the Keycloak IDP metadata file from Realm Settings.
From Talend Administration Center, go to and set parameters as follows:
- Click Launch upload to upload the metadata file
- Service Provider Entity ID (Keycloak "Client ID"): enter tac
- IDP Authentication Plugin: select Keycloak. A message displays to enable the Personal Access Token: please follow step 5 of the procedure described in this link.
- Use Role Mapping: select
  - either true: logging in to Talend Administration Center from the identity provider creates or updates users with Talend Administration Center roles, using the attributes firstName, lastName, email, tac.projectType, tac.role (for more details, refer to the section Configuring Role Mapping)
  - or false: no attributes are obtained from the identity provider, but with the default Security Administrator user that was created earlier, you can assign Talend Administration Center roles to other users created by the identity provider.
- Go to the Applications page and click Talend Administration Center.
Configuring Role Mapping
This section describes the settings needed to configure role mapping. The role mapping feature lets you map the application project types and user roles to those defined in the Keycloak identity provider system.
About this task
- Make sure Use Role Mapping field in is set to true (see step 2 of Configuring Talend Administration Center in IdP-initiated mode with Keycloak).
Open the Mapping Configuration and set the values for:
- project types
- roles mapping
Go to the Keycloak admin console and create a new user with the default attributes firstName, lastName and email.
Add the other attributes to the user manually: tacProjectType, tacRole.
- Add the attributes mapping to Talend Administration Center Client:
- User Property
- User Attribute
- User Property
- Go to the Keycloak account console page at http://<host>:<port>/auth/realms/myrealm/account/, log in with the newly created user and click the Talend Administration Center application.