Keycloak Integration
This integration configures SAML as the authentication mechanism, with Keycloak as the identity provider (IdP) and kPow as the service provider.
Create a Keycloak application
1. Log in to your Keycloak account as an Administrator.
2. Go to Clients in the left menu, and click Create.
3. Input the following details to the Add Client form:
   - For Client ID, enter a name for your App (e.g. "kpow"). Take note of this Client ID for the last step in LogonLabs.
   - For Client Protocol, select saml.
   - Click Save.
4. While editing the application configure the following:
   - Set Sign Assertions to ON.
   - Set Client Signature Required to OFF.
   - For Valid Redirect URIs, enter: "https://kpow.mycorp.io/saml" (where kpow.mycorp.io is the URL of where kPow is hosted).
6. Go to "Realm Settings" in the main left menu and click SAML 2.0 Identity Provider Metadata. Download the XML file and keep it for the next step.
Configure kPow
Set the following environment variables and start kPow:
SAML_RELYING_PARTY_IDENTIFIER=kpow (this is the Client ID set in step 1)
AUTH_PROVIDER_TYPE=saml
SAML_ACS_URL= the Valid Redirect URI from before, e.g. https://kpow.corp.com/saml
SAML_METADATA_FILE= the path to the SAML 2.0 Identity Provider Metadata file from step 6, e.g. /var/saml/saml-idp-metadata.xml
kPow will now authenticate users with Keycloak (SAML).
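A pre-flight check for the settings above, as an added example (not kPow or Keycloak code): it confirms that the environment variables are consistent and that the downloaded IdP metadata publishes a signing certificate and HTTPS sign-on endpoints. The function name `preflight`, the sample hostnames and the certificate placeholder are assumptions made for illustration, and the metadata is assumed to follow the standard SAML 2.0 metadata schema.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Constructed sample input: hostnames, realm and certificate body are placeholders.
SAMPLE_ENV = {"AUTH_PROVIDER_TYPE": "saml", "SAML_RELYING_PARTY_IDENTIFIER": "kpow",
              "SAML_ACS_URL": "https://kpow.corp.com/saml"}
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/realms/demo">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/realms/demo/protocol/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def preflight(env, metadata_xml):
    """Return a list of problems; an empty list means the settings are consistent."""
    problems = []
    if env.get("AUTH_PROVIDER_TYPE") != "saml":
        problems.append("AUTH_PROVIDER_TYPE must be 'saml'")
    if not env.get("SAML_RELYING_PARTY_IDENTIFIER"):
        problems.append("SAML_RELYING_PARTY_IDENTIFIER (the Keycloak Client ID) is empty")
    acs = urlparse(env.get("SAML_ACS_URL", ""))
    if acs.scheme != "https" or not acs.netloc:
        problems.append("SAML_ACS_URL must be an absolute https:// URL")
    try:
        root = ET.fromstring(metadata_xml)
    except ET.ParseError as exc:
        return problems + [f"metadata is not well-formed XML: {exc}"]
    # The descriptor may be nested (e.g. inside EntitiesDescriptor), so search the tree.
    idp = root.find(f".//{MD}IDPSSODescriptor")
    if idp is None:
        return problems + ["no IDPSSODescriptor: this is not IdP metadata"]
    # Signed assertions need a signing cert; a KeyDescriptor with no 'use' also signs.
    certs = [c for kd in idp.findall(f"{MD}KeyDescriptor")
             if kd.get("use", "signing") == "signing"
             for c in kd.iter(DS + "X509Certificate") if (c.text or "").strip()]
    if not certs:
        problems.append("no signing X509Certificate in IdP metadata")
    locations = [s.get("Location", "") for s in idp.findall(f"{MD}SingleSignOnService")]
    if not locations or any(urlparse(loc).scheme != "https" for loc in locations):
        problems.append("SingleSignOnService endpoint missing or not https")
    return problems

if __name__ == "__main__":
    print(preflight(SAMPLE_ENV, SAMPLE_METADATA) or "OK")
```

To check a real deployment, pass `os.environ` and the contents of the file named by SAML_METADATA_FILE.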
User Authorization
1. Navigate to kPow's SAML client in Keycloak, go to the Mappers tab and click Add Builtin.
2. Select the built-in mappers for role list and click Add Selected.
3. Within your RBAC yaml configuration add the following line:

    saml:
      role_field: "Role"