Categories

Versions

You are viewing the RapidMiner Go documentation for version 10.0 - Check here for latest version

Keycloak

Keycloak is an open source Identity and Access Management solution that can be used to authenticate RapidMiner Go users.

To find out more about Keycloak, visit: https://www.keycloak.org/

When using Keycloak, the RMID component of Go is not needed.

Configuration

Edit the .env file to add the URL of your Keycloak installation: KEYCLOAK_URL=https://keycloak.mydomain.com

The KEYCLOAK_URL cannot be localhost because it needs to be accessible from inside the AM docker container.

You can create the sample Go realm by importing the realm file at keycloak/realm-export.json

This realm contains two OIDC clients - go-frontend and go-backend. It also has 2 predefined roles:

  • go:user - the default user role
  • am:admin - admin role needed to access the automodeler Admin UI at /am/admin

Docker-compose configuration

You can find a sample docker-compose configuration in docker-compose-services-keycloak.yml.

To enable Keycloak authentication in Go add keycloak to Spring active profiles for the Automodeler service:

  rapidminer-automodeler:
    image: rapidminer/rapidminer-automodeler:${IMAGE_TAG_AM}
    mem_limit: ${MEMORY_AM}
    environment:
      SPRING_PROFILES_ACTIVE: on-prem,db-postgresql,branding,keycloak

Here are some of the variables you might need to set:

KEYCLOAK_REALM: Go
KEYCLOAK_AUTH_SERVER_URL: ${KEYCLOAK_URL}/auth/
KEYCLOAK_RESOURCE: go-backend
FRONTEND_KEYCLOAK_CLIENT_ID: go-frontend