第5章 Authenticating KIE Server through RH-SSO

KIE Server provides a REST API for third-party clients. If you integrate KIE Server with RH-SSO, you can delegate third-party client identity management to the RH-SSO server.

After you create a realm client for Red Hat Decision Manager and set up the RH-SSO client adapter for Red Hat JBoss EAP, you can set up RH-SSO authentication for KIE Server.

Prerequisites

This chapter contains the following sections:

注記

Except for 「Creating the KIE Server client on RH-SSO」, this section is intended for standalone installations. If you are integrating RH-SSO and Red Hat Decision Manager on Red Hat OpenShift Container Platform, complete the steps in 「Creating the KIE Server client on RH-SSO」 and then deploy the Red Hat Decision Manager environment on Red Hat OpenShift Container Platform. For information about deploying Red Hat Decision Manager on Red Hat OpenShift Container Platform, see the relevant document on the Red Hat Customer Portal.

5.1. Creating the KIE Server client on RH-SSO

Use the RH-SSO Admin Console to create a KIE Server client in an existing realm.

Prerequisites

Procedure

  1. In the RH-SSO Admin Console, open the security realm that you created in 2章Installing and configuring RH-SSO.

  2. Click Clients and click Create.

    The Add Client page opens.

  3. On the Add Client page, provide the required information to create a KIE Server client for your realm, then click Save. For example:

    • Client ID: kie-execution-server
    • Root URL: http://localhost:8080/kie-server

    • Client protocol: openid-connect

      注記

      If you are configuring RH-SSO with Red Hat OpenShift Container Platform, enter the URL that is exposed by the KIE Server routes. Your OpenShift administrator can provide this URL if necessary.

  4. The new client Access Type is set to public by default. Change it to confidential and click Save again.
  5. Navigate to the Credentials tab and copy the secret key. The secret key is required to configure the kie-execution-server client.