Add Provider

VMware Telco Cloud Service Assurance can store and manage users. You can point Keycloak to validate credentials from the external stores and synchronize the identity information.
  1. Go to https://Telcocloud serviceassurance-ui-IP.
    A typical default URL for logging in to the user interface from the same system on which VMware Telco Cloud Service Assurance is installed is https://10.x.x.x.
  2. On the login screen, enter your user name and password.
  3. Click Next.
    The VMware Telco Cloud Service Assurance user interface opens.
  4. Navigate to Administration > Access > User Federation.
  5. To add a provider, click Add, and provide the following information:

    | Input Parameter | Description | Default Value |
    |---|---|---|
    | Control Display Name | Provide the provider name. | NA |
    | Enabled | Toggle Enabled to ON to allow the provider to be considered in queries. | ON |
    | Priority | Provide a number. This number determines the priority of the provider. | 0 |
    | Import Users | Toggle Import Users to OFF to allow the provider to control the storage mode. | OFF |
    | Edit Mode | Select the user LDAP privileges from the following: Read_Only: The mapped attributes are not editable. Writable: The mapped attributes are synced back to LDAP on demand. Unsynced: The mapped attributes can be imported, but cannot be synced back to LDAP. | READ_ONLY |
    | Sync Registrations | Toggle Sync Registrations to ON if you want new users created by Keycloak added to LDAP. | OFF |
    | Vendor | Select an LDAP vendor. | Active Directory |
    | Username LDAP attribute | Provide the name of the LDAP attribute. | CN |
    | RDN LDAP attribute | Provide the same value as Username LDAP attribute. | CN |
    | UUID LDAP attribute | Provide the unique object identifier for objects in LDAP. | NA |
    | User Object Classes | Provide all the values of the LDAP object class attribute for users in LDAP, separated by commas. | * |
    | Users DN | Provide the full domain name of the LDAP tree where your users are. | ou=users,dc=tco,dc=com |
    | Connection URL | Provide the connection URL of your LDAP server, and test the connection. | ldap://<fqdn of LDAP> |
    | Custom User LDAP Filter | Provide a custom user LDAP filter to filter searched users. | NA |
    | Search Scope | Select the search scope from the drop-down: One level: The search applies only to users in the domain names specified. Subtree: The search applies to the whole subtree. | One level |
    | Bind Type | Select the type of the authentication method used during LDAP | Simple |
    | Bind DN | Provide the domain name of the LDAP admin. Used by Keycloak to access the LDAP server. | cn=ldapadmin,ou=users,dc=tco,dc=com |
    | Bind Credential | Provide the password for the LDAP admin. | NA |
    | Advance Settings | | |
    | Enable StartTLS | Toggle Enable StartTLS to ON to allow the provider to enable TLS. | NA |
    | Enable the LDAPv3 Password Modify Extended Operation | Toggle Enable the LDAPv3 Password Modify Extended Operation to ON. | NA |
    | Validate Password Policy | Toggle Validate Password Policy to ON to allow the provider to validate the password policy. | NA |
    | Trust Email | Toggle Trust Email to ON, | NA |
    | Use Truststore SPI | Specifies whether the LDAP connection uses the trust store SPI. Select from: Always, Only for LDAP, Never. | NA |
    | Connection Timeout | Provide the LDAP connection timeout in milliseconds. | NA |
    | Read Timeout | Provide the LDAP read timeout in milliseconds. This timeout applies to LDAP read operations. | NA |
    | Pagination | Toggle Pagination to ON if the LDAP server supports pagination. | NA |
  6. Click Next.
Create user attribute LDAP mapper.
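
A check over the connection-related parameters from the table in step 5, written for this page as an added example (not VMware or Keycloak code). It flags a simple bind over unencrypted ldap://, notes when the bind account needs only read access, and reports unset timeouts. The dictionary keys reuse the table's parameter names; the host name, severity labels and function names are assumptions.

```python
from urllib.parse import urlparse

# Constructed sample: defaults from the table above, keyed by its parameter
# names. The host stands in for "<fqdn of LDAP>" and is a placeholder.
PAGE_DEFAULTS = {
    "Connection URL": "ldap://ldap.example.internal",
    "Enable StartTLS": False,
    "Bind Type": "Simple",
    "Edit Mode": "READ_ONLY",
    "Sync Registrations": False,
    "Connection Timeout": None,
    "Read Timeout": None,
}

def transport_encrypted(cfg):
    """True when the LDAP session runs over TLS (ldaps:// or StartTLS)."""
    scheme = urlparse(cfg["Connection URL"]).scheme.lower()
    return scheme == "ldaps" or (scheme == "ldap" and bool(cfg.get("Enable StartTLS")))

def needs_write_access(cfg):
    """True when Keycloak writes to LDAP, so the Bind DN needs write rights."""
    writable = str(cfg.get("Edit Mode", "")).upper() == "WRITABLE"
    return writable or bool(cfg.get("Sync Registrations"))

def review(cfg):
    """Return (severity, message) findings for one provider configuration."""
    findings = []
    scheme = urlparse(cfg["Connection URL"]).scheme.lower()
    if scheme not in ("ldap", "ldaps"):
        findings.append(("high", f"unexpected URL scheme {scheme!r}"))
    elif not transport_encrypted(cfg):
        if str(cfg.get("Bind Type", "")).lower() == "simple":
            findings.append(("high", "simple bind over plain ldap://: the Bind "
                             "Credential and user passwords are sent unencrypted"))
        else:
            findings.append(("medium", "LDAP traffic is unencrypted"))
    if not needs_write_access(cfg):
        findings.append(("info", "Keycloak does not write to LDAP with these "
                         "settings; a read-only bind account is sufficient"))
    for key in ("Connection Timeout", "Read Timeout"):
        if not cfg.get(key):
            findings.append(("low", f"{key} is unset; set a limit so an "
                             "unresponsive LDAP server cannot stall logins"))
    return findings

if __name__ == "__main__":
    for severity, message in review(PAGE_DEFAULTS):
        print(f"[{severity}] {message}")
```

Switching the Connection URL to ldaps:// or turning Enable StartTLS to ON clears the high-severity finding.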