第5章 Authenticating KIE Server through RH-SSO
KIE Server provides a REST API for third-party clients. If you integrate KIE Server with RH-SSO, you can delegate third-party client identity management to the RH-SSO server.
After you create a realm client for Red Hat Decision Manager and set up the RH-SSO client adapter for Red Hat JBoss EAP, you can set up RH-SSO authentication for KIE Server.
Prerequisites
- RH-SSO is installed as described in 2章Installing and configuring RH-SSO.
-
At least one user with the
kie-server
role has been added to RH-SSO as described in 「Adding Red Hat Decision Manager users」. - KIE Server is installed in a Red Hat JBoss EAP 7.3 instance, as described in Installing and configuring Red Hat Decision Manager on Red Hat JBoss EAP 7.3.
This chapter contains the following sections:
Except for 「Creating the KIE Server client on RH-SSO」, this section is intended for standalone installations. If you are integrating RH-SSO and Red Hat Decision Manager on Red Hat OpenShift Container Platform, complete the steps in 「Creating the KIE Server client on RH-SSO」 and then deploy the Red Hat Decision Manager environment on Red Hat OpenShift Container Platform. For information about deploying Red Hat Decision Manager on Red Hat OpenShift Container Platform, see the relevant document on the Red Hat Customer Portal.
5.1. Creating the KIE Server client on RH-SSO
Use the RH-SSO Admin Console to create a KIE Server client in an existing realm.
Prerequisites
- KIE Server is installed in a Red Hat JBoss EAP 7.3 server, as described in Installing and configuring Red Hat Decision Manager on Red Hat JBoss EAP 7.3.
- RH-SSO is installed as described in 2章Installing and configuring RH-SSO.
-
At least one user with the
kie-server
role has been added to RH-SSO as described in 「Adding Red Hat Decision Manager users」.
Procedure
- In the RH-SSO Admin Console, open the security realm that you created in 2章Installing and configuring RH-SSO.
Click Clients and click Create.
The Add Client page opens.
On the Add Client page, provide the required information to create a KIE Server client for your realm, then click Save. For example:
-
Client ID:
kie-execution-server
-
Root URL:
http://localhost:8080/kie-server
Client protocol:
openid-connect
注記If you are configuring RH-SSO with Red Hat OpenShift Container Platform, enter the URL that is exposed by the KIE Server routes. Your OpenShift administrator can provide this URL if necessary.
-
Client ID:
-
The new client Access Type is set to
public
by default. Change it toconfidential
and click Save again. -
Navigate to the Credentials tab and copy the secret key. The secret key is required to configure the
kie-execution-server
client.