Skip to main content

OpenID Connect with Keycloak

Prerequisites

  • A Keycloak instance with at least one realm

Configure the Keycloak Realm to allow Cortex

  1. Create a new OpenID Connect (OIDC) client in your Keycloak Realm

    • Enter "cortex" for the Client ID (this will have to match what you specify in the Cortex config later)
    • Optionally add a Name and Description
    • On the next screen toggle "Client Authorization" to "On". This is required to get a client secret.
    • For the various URLs/URIs, use the following:
      • Root URL: https://your-cortex-server/
      • Home URL: https://your-cortex-server/
      • Valid Redirect URIs: https://your-cortex-server/*
      • Valid post logout redirect URIs: +
      • Web Origins: +

  2. View the "Credentials" tab for the newly-created client and copy the value of the "Client Secret"

  3. Configure Cortex by setting the following settings in the "Authentication" block:

    • Type: keycloak
    • Authority: https://your-keycloak-server/realms/your-realm (in some versions of keycloak, this might be /auth/realms/your-realm)
    • ClientId: the client ID you created in step 1
    • ClientSecret: the value you copied in step 2

Video

Coming soon