Keycloak

Keycloak serves as the identity and access management solution for MTG-CLM, providing secure authentication, user management, and role-based access control. Proper configuration ensures users can access appropriate CLM features based on their roles and permissions. A correctly configured Keycloak gives your MTG-CLM deployment a secure foundation: access controls are applied appropriately, and Keycloak can integrate with your existing identity infrastructure.

Understanding Keycloak’s Role

Keycloak manages authentication and authorization through:

  • User identity verification with multiple authentication methods

  • Role-based access control for CLM features

  • Integration with enterprise directory services

  • Centralized user management

Keycloak Client Configuration

The MTG-CLM server connects to Keycloak using a dedicated client configuration:

  • Client credentials are configured with properties mtg.clm.client.basic.client-id and mtg.clm.client.basic.client-secret.

  • Client roles in Keycloak store the permissions used by MTG-CLM.

Changing Keycloak Client

When changing the Keycloak client:

  1. Create a new client in Keycloak.

  2. Configure the new credentials as properties.

  3. Create all necessary roles from the previous client.

  4. Restart the MTG-CLM server to apply changes.

Make sure that all previous client roles are recreated to maintain business-critical authorizations.
The scheduled permission cleanup task is skipped if the 'ADMIN' role is missing.
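
One way to verify step 3 before the restart in step 4 is to compare the role lists of the previous and the new client. The following is an added example, not part of MTG-CLM or Keycloak: it assumes both clients' roles were exported as the JSON arrays Keycloak returns when listing client roles, and that role names must match exactly. The function names and all role names except 'ADMIN' are hypothetical.

```python
import json

# Constructed sample exports: the JSON arrays Keycloak returns when listing a
# client's roles (each entry is a role object with a "name" field).
# Only 'ADMIN' is a role name from the page; the others are placeholders.
OLD_CLIENT_ROLES = '[{"name": "ADMIN"}, {"name": "EXAMPLE_OPERATOR"}, {"name": "EXAMPLE_AUDITOR"}]'
NEW_CLIENT_ROLES = '[{"name": "admin"}, {"name": "EXAMPLE_OPERATOR"}]'
REQUIRED_ROLE = "ADMIN"  # the permission cleanup task is skipped without it


def role_names(export_json):
    """Return the set of role names in a client-role export."""
    roles = json.loads(export_json)
    if not isinstance(roles, list):
        raise ValueError("expected a JSON array of role objects")
    return {r["name"] for r in roles}


def check_migration(old_json, new_json):
    """Compare the previous and new client's roles before restarting MTG-CLM."""
    old, new = role_names(old_json), role_names(new_json)
    missing = sorted(old - new)
    # Assumption: role names are compared exactly, so a role recreated with
    # different case or stray whitespace does not replace the original.
    # Such near misses are reported separately to make typos easy to spot.
    normalized_new = {n.strip().casefold(): n for n in new}
    near_misses = {
        m: normalized_new[m.strip().casefold()]
        for m in missing
        if m.strip().casefold() in normalized_new
    }
    return {
        "missing": missing,
        "near_misses": near_misses,
        "admin_present": REQUIRED_ROLE in new,
        "safe_to_restart": not missing and REQUIRED_ROLE in new,
    }


if __name__ == "__main__":
    report = check_migration(OLD_CLIENT_ROLES, NEW_CLIENT_ROLES)
    for name in report["missing"]:
        hint = report["near_misses"].get(name)
        print(f"missing role: {name}" + (f" (found similar: {hint!r})" if hint else ""))
    print("ADMIN present:", report["admin_present"])
    print("safe to restart:", report["safe_to_restart"])
```
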

Further Reading