
Quick Start Keycloak

 

Introduction

This guide walks you step by step through setting up Keycloak for your Management Suite. The names of the realm, clients, and roles must not be changed; changing them will cause issues when attempting to access Config, Control, or Insight, or when attempting to validate that Keycloak is configured.

This is available on Synergy SKY Management Suite 31.07.6344 or newer.

To begin, please get in touch with us by creating a ticket, and we will provide instructions on how to start Keycloak.

 

Initial Setup and Testing

  1. Select Synergy CONFIG from the Synergy SKY Management Suite homepage

  2. When using an FQDN, make sure it has been added to ‘External Address’ in Network under General Settings, then click on the Save Changes button at the top right of the screen


  3. If you have not reached out to us via ticket, please do so now as you will not be able to proceed.

  4. Reload the Synergy SKY Management Suite homepage; there should now be a Keycloak icon to click
    1. Please wait at least 2 minutes before clicking so that Keycloak is fully enabled; otherwise the webpage will not load

  5. Create an admin account with a Username and Password, then log in with those details to the Administration Console


  6. Move the cursor over the drop-down that says Master and click on Add Realm



  7. Import the template; this will auto-populate the name. Do not change this.
    Please unzip the folder and upload SynergySKYTemplate.json

    Download Keycloak Template




  8. Select Users from the left-hand panel and click Add User



  9. Create a local user (E.g. demo@test.com) then click Save



  10. Under the Credentials tab, type a password (E.g. password), toggle Temporary to OFF and click Set Password



  11. Under the Role Mappings tab use the Client Roles drop-down to select ‘SynergySKYConfig’ and add ‘ConfigAdmin’ to Assigned Roles



  12. Add Roles from ‘SynergySKYControl’ & ‘SynergySKYAnalyze’ in the same manner
    1. You can assign all Insight (Analyze) Roles to a single User or only one (1)
      N.B. It is possible to assign roles by default under the Groups heading in the left-hand panel. Here you can create a group, assign Client Roles and then add to Default Groups


  13. Open the Synergy SKY Config Tool page and select Authentication under the General Settings

  14. Toggle the switch to ON


  15. To get the Insight (Analyze) Client Secret, go back to the Keycloak configuration page and select the SynergySKYAnalyze client found under Clients.

  16. Select the Credentials tab, click regenerate secret and copy the Secret from this page to the Analyze Client Secret in the Config Tool


  17. To get the Public Key, go back to the Keycloak configuration page and select Realm Settings

  18. Select the Keys tab and then click on the Public Key button across from RS256/RSA and copy text from the popup and paste into the Config Tool


  19. Once the Analyze Client Secret and Public Key have been added, click on the Verify Keycloak Login button and Sign In with the User (E.g. demo@test.com) account


  20. Once verified, click on Save Changes in the Config Tool and then deploy the configuration

  21. Open a new web browser and try to access the Synergy SKY Config Tool page using the User created in Keycloak
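
Steps 11 and 17-18 above pair up at login time: a service holding the realm's RS256 public key checks the token signature, then reads the client role from the token. The sketch below is an added example, not Synergy SKY or Keycloak code; the key is constructed from two known primes for the demo, the function names are hypothetical, and `resource_access.<client>.roles` is the claim layout Keycloak uses for client roles in access tokens by default.

```python
import base64, hashlib, json

# Constructed demo key from two known Mersenne primes; never use such a key for real.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def pkcs1_encode(message, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message) for a k-byte modulus."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign_demo_token(claims, alg="RS256"):
    """Stand-in for Keycloak issuing a token (constructed sample only)."""
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    k = (N.bit_length() + 7) // 8
    em = int.from_bytes(pkcs1_encode(f"{head}.{body}".encode(), k), "big")
    return f"{head}.{body}.{b64url_encode(pow(em, D, N).to_bytes(k, 'big'))}"

def verify_rs256(token, n, e):
    """Return the claims if the RS256 signature is valid, else raise ValueError."""
    head, body, sig = token.split(".")
    if json.loads(b64url_decode(head)).get("alg") != "RS256":
        raise ValueError("unexpected alg")  # blocks alg=none / HS256 confusion
    k = (n.bit_length() + 7) // 8
    raw = b64url_decode(sig)
    if len(raw) != k or int.from_bytes(raw, "big") >= n:
        raise ValueError("bad signature length")
    recovered = pow(int.from_bytes(raw, "big"), e, n).to_bytes(k, "big")
    if recovered != pkcs1_encode(f"{head}.{body}".encode(), k):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body))

def has_client_role(claims, client, role):
    """Keycloak lists client roles under resource_access.<client>.roles."""
    return role in claims.get("resource_access", {}).get(client, {}).get("roles", [])

# Constructed sample token for the demo user and role from steps 9 and 11.
CLAIMS = {"preferred_username": "demo@test.com",
          "resource_access": {"SynergySKYConfig": {"roles": ["ConfigAdmin"]}}}
TOKEN = sign_demo_token(CLAIMS)
```

A token whose payload is edited after signing, or whose header names an algorithm other than RS256, is rejected before any role is read.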

 

Adding Azure AD as Identity Provider

  1. In the Keycloak config page, select Identity Providers from the left-hand panel and choose OpenID Connect v1.0


  2. Give an Alias name (E.g. azuread)

  3. Give a Display Name (E.g. Azure AD)

  4. Copy Redirect URI information for use in Synergy SKY Management Suite


 

Register Application in Azure AD

  1. Go to aad.portal.azure.com and log in

  2. Select App Registrations and then click New Registration



  3. Give the application a Name (E.g. Keycloak Demo)

  4. Select the Supported account types (E.g. Single Tenant)

  5. Select Web for Redirect URI and paste link copied from Keycloak configuration page

  6. Click on Register



  7. Click on Endpoints on the next screen and copy the OAuth 2.0 authorization endpoint (v2) and OAuth 2.0 token endpoint (v2) to the associated fields in Keycloak


  8. Close the Endpoints window and copy the Application (client) ID to the Client ID section of Keycloak, setting the Client Authentication method to Client secret sent as post


  9. A Client Secret is now required.

  10. In Azure AD, select Certificates & secrets and then click New client secret


  11. Add a Description (E.g. Keycloak Secret) and set the Expires timeframe (N.B. make a note of this if needing to renew at a future time) then click on Add


  12. Copy the Value of the secret once done


  13. Paste the secret into the Client Secret section in Keycloak configuration and add some Default Scopes (E.g. openid profile email) and then click on Save at the bottom of the page.


 

Try to log in to the Synergy SKY Config Tool from a new private window or a different web browser. There should now be a button at the bottom saying “Azure AD” or whatever Display Name was specified in step 3. Click on the button and log in using AD.
