Add Provider
VMware Telco Cloud Service Assurance can store and manage users. You can point Keycloak to validate credentials from the external stores and synchronize the identity information.

- Go to https://Telcocloud serviceassurance-ui-IP. A typical default URL for logging in to the user interface from the same system on which VMware Telco Cloud Service Assurance is installed is https://10.x.x.x.
- On the login screen, enter your user name and password.
- Click Next. The VMware Telco Cloud Service Assurance user interface opens.
- Navigate to Administration > Access > User Federation.
- To add a provider, click Add, and provide the following information:

| Input Parameter | Description | Default Value |
|---|---|---|
| Control Display Name | Provide the provider name. | NA |
| Enabled | Toggle Enabled to ON to allow the provider to be considered in queries. | ON |
| Priority | Provide a number. This number determines the priority of the provider. | 0 |
| Import Users | Toggle Import Users to OFF to allow the provider to control the storage mode. | OFF |
| Edit Mode | Select the user LDAP privileges from the following: Read_Only (the mapped attributes are not editable), Writable (the mapped attributes are synced back to LDAP on demand), Unsynced (the mapped attributes can be imported, but cannot be synced back to LDAP). | READ_ONLY |
| Sync Registrations | Toggle Sync Registrations to ON if you want new users created by Keycloak added to LDAP. | OFF |
| Vendor | Select an LDAP vendor. | Active Directory |
| Username LDAP attribute | Provide the name of the LDAP attribute. | CN |
| RDN LDAP attribute | Provide the same value as Username LDAP attribute. | CN |
| UUID LDAP attribute | Provide the unique object identifier for objects in LDAP. | NA |
| User Object Classes | Provide all the values of the LDAP object class attributes for users in LDAP, separated by commas. | * |
| Users DN | Provide the full domain name of the LDAP tree where your users are. | ou=users,dc=tco,dc=com |
| Connection URL | Provide the connection URL of your LDAP server, and test the connection. | ldap://<fqdn of LDAP> |
| Custom User LDAP Filter | Provide a custom user LDAP filter to filter searched users. | NA |
| Search Scope | Select the search scope from the drop-down: One level (the search applies only for users in the domain names specified), Subtree (the search applies to the whole subtree). | One level |
| Bind Type | Select the type of the authentication method used during LDAP | Simple |
| Bind DN | Provide the domain name of the LDAP admin. Used by Keycloak to access the LDAP server. | cn=ldapadmin,ou=users,dc=tco,dc=com |
| Bind Credential | Provide the password for the LDAP admin. | NA |
| Advance Settings | | |
| Enable StartTLS | Toggle Enable StartTLS to ON to allow the provider to enable TLS. | NA |
| Enable the LDAPv3 Password Modify Extended Operation | Toggle Enable the LDAPv3 Password Modify Extended Operation to ON. | NA |
| Validate Password Policy | Toggle Validate Password Policy to ON to allow the provider to validate the password policy. | NA |
| Trust Email | Toggle Trust Email to ON, | NA |
| Use Truststore SPI | Specifies whether the LDAP connection uses the trust store SPI. Select from: Always, Only for LDAP, Never. | NA |
| Connection Timeout | Provide the LDAP connection timeout in milliseconds. | NA |
| Read Timeout | Provide the LDAP read timeout in milliseconds. This timeout applies to LDAP read operations. | NA |
| Pagination | Toggle Pagination to ON if the LDAP server supports pagination. | NA |

- Click Next.
Create user attribute LDAP mapper.
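The check below is an added example, not part of the VMware documentation or of Keycloak: it lints the provider values from the table above for settings a reviewer would question (a bind without TLS, write-back to LDAP, a malformed user filter, missing timeouts). The dict representation, the function names and the sample host name are assumptions; the keys are the form labels from the table.

```python
# Added example (not VMware or Keycloak code): lint for the provider form values.
# Keys are the form labels from the table; keeping them in a dict is an assumption.

def _unset(value):
    """The table uses NA for 'no default'; treat it like an empty field."""
    return value is None or str(value).strip().upper() in ("", "NA")

def _on(cfg, key):
    return str(cfg.get(key, "OFF")).strip().upper() == "ON"

def audit_provider(cfg):
    """Return (parameter, finding) tuples for settings worth a second look."""
    findings = []
    url = str(cfg.get("Connection URL", "")).strip()
    scheme = url.split("://", 1)[0].lower() if "://" in url else ""
    if scheme not in ("ldap", "ldaps"):
        findings.append(("Connection URL", "expected an ldap:// or ldaps:// URL"))
    elif scheme == "ldap" and not _on(cfg, "Enable StartTLS"):
        findings.append(("Connection URL",
                         "no TLS: the Bind Credential and user passwords cross the "
                         "network in cleartext; use ldaps:// or Enable StartTLS"))
    # Either setting makes Keycloak write to the directory (see the table rows).
    if str(cfg.get("Edit Mode", "READ_ONLY")).strip().upper() == "WRITABLE":
        findings.append(("Edit Mode", "Bind DN needs write access to LDAP"))
    if _on(cfg, "Sync Registrations"):
        findings.append(("Sync Registrations", "Bind DN needs write access to LDAP"))
    flt = cfg.get("Custom User LDAP Filter")
    if not _unset(flt):
        flt = str(flt).strip()
        wrapped = flt.startswith("(") and flt.endswith(")")
        if not wrapped or flt.count("(") != flt.count(")"):
            findings.append(("Custom User LDAP Filter",
                             "filter needs balanced enclosing parentheses"))
    for key in ("Connection Timeout", "Read Timeout"):
        if _unset(cfg.get(key)):
            findings.append((key, "no timeout: logins can stall on a slow LDAP server"))
    return findings

# Constructed input: the table defaults, with a placeholder host name.
DEFAULTS = {
    "Connection URL": "ldap://ldap.example.com", "Bind Type": "Simple",
    "Enable StartTLS": "NA", "Edit Mode": "READ_ONLY", "Sync Registrations": "OFF",
    "Custom User LDAP Filter": "NA", "Connection Timeout": "NA", "Read Timeout": "NA",
}
# Constructed input: same provider with TLS, timeouts and a user filter set.
HARDENED = {**DEFAULTS, "Enable StartTLS": "ON", "Connection Timeout": "5000",
            "Read Timeout": "10000", "Custom User LDAP Filter": "(objectClass=person)"}

if __name__ == "__main__":
    for name, cfg in (("defaults", DEFAULTS), ("hardened", HARDENED)):
        print(name, audit_provider(cfg) or "no findings")
```

With the table defaults, the lint reports the unencrypted connection and both missing timeouts; the hardened variant returns no findings.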