Keycloak
Keycloak serves as the identity and access management solution for MTG-CLM, providing secure authentication, user management, and role-based access control. Proper configuration ensures users can access appropriate CLM features based on their roles and permissions. It gives your MTG-CLM deployment a secure foundation: appropriate access controls combined with integration into your existing identity infrastructure.
Understanding Keycloak’s Role
Keycloak manages authentication and authorization through:
- User identity verification with multiple authentication methods
- Role-based access control for CLM features
- Integration with enterprise directory services
- Centralized user management
Keycloak Client Configuration
The MTG-CLM server connects to Keycloak using a dedicated client configuration:
- Client credentials are configured with properties mtg.clm.client.basic.client-id and mtg.clm.client.basic.client-secret.
- Client roles in Keycloak store the permissions used by MTG-CLM.
Changing Keycloak Client
When changing the Keycloak client:
- Create a new client in Keycloak.
- Configure the new credentials as properties.
- Create all necessary roles from the previous client.
- Restart the MTG-CLM server to apply changes.
Make sure that all previous client roles are recreated to maintain business-critical authorizations. The scheduled permission cleanup task is skipped if the 'ADMIN' role is missing.
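One way to check the role recreation step before restarting the server, as an added example that is not part of the MTG-CLM documentation: it compares the client roles of the previous and the new client in a Keycloak realm export (JSON) and reports missing roles, including 'ADMIN'. The client IDs `clm-old` and `clm-new`, the role names other than ADMIN, and exact (case-sensitive) name matching are assumptions; the export is constructed sample data.

```python
import json

# Constructed sample: trimmed Keycloak realm export. The client IDs and every
# role name except ADMIN (named on this page) are assumptions.
SAMPLE_EXPORT = json.loads("""
{
  "realm": "example",
  "roles": {
    "client": {
      "clm-old": [
        {"name": "ADMIN"},
        {"name": "CERT_OPERATOR"},
        {"name": "AUDITOR"}
      ],
      "clm-new": [
        {"name": "CERT_OPERATOR"},
        {"name": "auditor"}
      ]
    }
  }
}
""")

def client_roles(export, client_id):
    """Return the set of role names defined for one client in the export."""
    clients = export.get("roles", {}).get("client", {})
    if client_id not in clients:
        raise KeyError(f"client {client_id!r} has no roles section in export")
    return {role["name"] for role in clients[client_id]}

def check_migration(export, old_id, new_id, required=("ADMIN",)):
    """Compare client roles; names are matched exactly (assumed case-sensitive)."""
    old, new = client_roles(export, old_id), client_roles(export, new_id)
    missing = sorted(old - new)
    # Flag near-misses that differ only in case, a likely typo when recreating.
    lowered = {n.lower(): n for n in new}
    case_mismatch = sorted((o, lowered[o.lower()]) for o in missing
                           if o.lower() in lowered)
    return {
        "missing": missing,
        "case_mismatch": case_mismatch,
        "required_missing": sorted(r for r in required if r not in new),
        "ok": not missing and all(r in new for r in required),
    }

if __name__ == "__main__":
    print(json.dumps(check_migration(SAMPLE_EXPORT, "clm-old", "clm-new"), indent=2))
```

Run it against your own export by loading the file with `json.load` and passing the two client IDs; a result with `ok` set to false means the restart should wait until the listed roles exist on the new client.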