Keycloak
Keycloak is an open source identity and access management solution that we integrated in our platform for identity and access management. It can be accessed via System tab in the web interface.
Kaapana user groups
Access to platform features is segmented into three user groups:
kaapana_user: Members of this group inherit the user role. The role user grants access to all features within the Workflows Management System except for the Instance Overview. Additionally, their access to OpenSeach and MinIO is limited to project specific data.
kaapana_project_manager: Members of this group inherit the project-manager and user roles. The role project-manager grants full access to the project-managing API of Kaapana. Users with this role can use all functionalities under System>Projects.
kaapana_admin: Members of this group inherit the roles user, project-manager and admin. The admin role grants unrestricted access to all platform features and all projects.
How to create a new user
Navigate to Keycloak and login with the Keycloak credentials (Default: admin - Kaapana2020)
In the Keycloak menu navigate to the Users tab.
Click on Add user.
Fill in the required fields Username, Email, First Name and Last Name.
You should join one of the keycloak groups above.
Click Create
Change to the Credentials tab of the new user and set a password.
Note
After creating a new user, do not forget to assign the user to a project in Projects section. If a user logs in without being assigned to any project, they may end up in an undefined or broken state, such as an endless reload loop. In the case this happens, delete browser cookies manually to reset the state.
Connecting an Active Directory
In order to connect to an active directory go to the tap User Federation. Depending on your needs select ldap or kerberos. The necessary configuration you should be able to get from your institution. If everything is configured correctly you are able to login with the credentials from the Active Directory.