OpenID Connect with Keycloak

Prerequisites

• A Keycloak instance with at least one realm

Configure the Keycloak Realm to allow Cortex

1. Create a new OpenID Connect (OIDC) client in your Keycloak Realm

   • Enter "cortex" for the Client ID (this will have to match what you specify in the Cortex config later)
   • Optionally add a Name and Description
   • On the next screen toggle "Client Authorization" to "On". This is required to get a client secret.
   • For the various URLs/URIs, use the following:
     • Root URL: https://your-cortex-server/
     • Home URL: https://your-cortex-server/
     • Valid Redirect URIs: https://your-cortex-server/*
     • Valid post logout redirect URIs: +
     • Web Origins: +

2. View the "Credentials" tab for the newly-created client and copy the value of the "Client Secret"

3. Configure Cortex by setting the following settings in the "Authentication" block:

   • Type: keycloak
   • Authority: https://your-keycloak-server/realms/your-realm (in some versions of keycloak, this might be /auth/realms/your-realm)
   • ClientId: the client ID you created in step 1
   • ClientSecret: the value you copied in step 2

Video

Coming soon