Keycloak
Keycloak is an open source Identity and Access Management solution that can be used to authenticate RapidMiner Go users.
To find out more about Keycloak, visit: https://www.keycloak.org/
When using Keycloak, the RMID component of Go is not needed.
Configuration
Edit the .env file to add the URL of your Keycloak installation: KEYCLOAK_URL=https://keycloak.mydomain.com
The KEYCLOAK_URL cannot be localhost because it needs to be accessible from inside the AM docker container.
You can create the sample Go realm by importing the realm file at keycloak/realm-export.json
This realm contains two OIDC clients - go-frontend and go-backend.
It also has 2 predefined roles:
go:user- the default user roleam:admin- admin role needed to access the automodeler Admin UI at/am/admin
Docker-compose configuration
You can find a sample docker-compose configuration in docker-compose-services-keycloak.yml.
To enable Keycloak authentication in Go add keycloak to Spring active profiles for the Automodeler service:
rapidminer-automodeler:
image: rapidminer/rapidminer-automodeler:${IMAGE_TAG_AM}
mem_limit: ${MEMORY_AM}
environment:
SPRING_PROFILES_ACTIVE: on-prem,db-postgresql,branding,keycloak
Here are some of the variables you might need to set:
KEYCLOAK_REALM: Go
KEYCLOAK_AUTH_SERVER_URL: ${KEYCLOAK_URL}/auth/
KEYCLOAK_RESOURCE: go-backend
FRONTEND_KEYCLOAK_CLIENT_ID: go-frontend
