
Configure Keycloak for Omni


Last updated 9 months ago

  1. Log in to Keycloak.

  2. Create a realm.

  • In the upper left corner of the page, select the dropdown that says master.

  • Fill in the realm name and select Create.

  3. Find the realm metadata.

  • In the realm settings, there is a link to the metadata needed for SAML under Endpoints.

    • Copy the link or save the data to a file. It will be needed for the installation of Omni.

  4. Create a client.

  • Select the Clients tab on the left

  • Fill in the General Settings as shown in the example below. Replace the hostname in the example with your own Omni hostname or IP.

    • Client type

    • Client ID

    • Name

  • Fill in the Login settings as shown in the example below. Replace the hostname in the example with your own Omni hostname or IP.

    • Root URL

    • Valid redirect URIs

    • Master SAML Processing URL

  • Modify the Signature and Encryption settings.

    • Sign documents: off

    • Sign assertions: on

  • Set the Client signature required value to off.

  • Modify Client Scopes

  • Select Add predefined mapper.

  • The following mappers need to be added because Omni will use these attributes for assigning permissions.

    • X500 email

    • X500 givenName

    • X500 surname

  • Add a new user (optional)

    • If Keycloak is being used as an Identity Provider, users can be created here.

  • Enter the user information and set Email verified to Yes.

  • Set a password for the user.