Skip to content

Configuring An External Keycloak

SEAL Systems products use Keycloak as standard identity provider. Keycloak contains various client configurations for PLOSSYS 5 and SEAL Print Client.

If you prefer to use an external Keycloak, you have to configure your external Keycloak for working with SEAL Systems products.

Configuring Your External Keycloak

  1. Create an new realm by pointing with the mouse to the Master realm on the left upper corner of the window and then click on Add realm.

    Add realm

  2. In the displayed dialog, enter SEAL as realm name and confirm with Create.

  3. Get a private key/certificate pair from your system administration and add it to the created SEAL realm. For this, open the Realm Settings on the left side of the window and in the Keys, tab select Provider.

    key-cert-provider

  4. Add a new key/certificate pair by clicking on Add keystore on the left above the provider list and select rsa as keystore type.

  5. Add the name of the provider, select a priority higher than 100 and upload both, key and certificate file.

    add-key-cert

  6. Select the Clients menu item and configure the clients for the created SEAL realm in the identity provider. Finally, it has to look like this:

    Client list

  7. Create a PLOSSYS Administrator client entry by clicking on Create in the right upper corner of the client list and enter seal-plossysadmin as client id. Confirm with Save.

  8. Enter the client configuration data as shown in the picture below, but replace localhost by the real PLOSSYS 5 host name.

    seal-plossysadmin

  9. Create a SEAL Print Client entry by clicking on Create in the right upper corner of the client list and enter seal-print-client as client id. Confirm with Save.

  10. Enter the client configuration data as shown in the picture below, but replace localhost by the real SEAL Print Client host name:

    seal-print-client

  11. Create an Operator client entry by clicking on Create in the right upper corner of the client list and enter operator as client id. Confirm with Save.

  12. Enter the client configuration data as shown in the picture below:

    operator

  13. Create an easyPRIMA client entry by clicking on Create in the right upper corner of the client list and enter seal-easyprima as client id. Confirm with Save.

  14. Enter the client configuration data as shown in the picture below:

    easyPRIMA

  15. Create a SEAL OP-CLI client entry by clicking on Create in the right upper corner of the client list and enter seal-opcli as client id. Confirm with Save.

  16. Enter the client configuration data as shown in the picture below:

    SEAL OP-CLI

  17. Create a SEAL DocPrint client entry by clicking on Create in the right upper corner of the client list and enter seal-mobile-print as client id. Confirm with Save.

  18. Enter the client configuration data as shown in the picture below:

    seal-mobile-print

  19. Create a PLOSSYS CLI entry by clicking on Create in the right upper corner of the client list and enter seal-plossyscli as client id. Confirm with Save.

  20. Enter the client configuration data as shown in the picture below:

    seal-plossyscli

  21. Provide the following data to set up SEAL Print Client and PLOSSYS 5 clients:

    • signing certificate
    • issuer name
    • all client id's
    • all client secrets

    Usually this part of the configuration is done in the form of environment variables on the client side. You will find an example in Configuring Other Identity Providers.