To configure it, use gv-essentials:4.5.51 as the minimum gv-essentials version, with the Keycloak settings enabled as shown below.
Steps
- Enable Keycloak for LDAP over SSL (disabled by default): After enabling LDAP over SSL in Keycloak, you need to insert the truststore password and the truststore base64 value for the JKS file.
- Creation of rootCA.jks File: The customer needs to create a truststore file that will contain the certificate for LDAPS. For this, the customer must have the Java keytool utility installed.
- Create JKS Truststore File: Create a JKS truststore file (name it rootCA.jks), add the certificate to it, and protect it with a password. Use your own password and make sure you use the appropriate certificate for the LDAP connection. The example below uses your certificate (ca.crt) and your password (STR0ngPA55):

  keytool -importcert -file ca.crt -keystore rootCA.jks -alias rootCA -storepass STR0ngPA55 -noprompt
- Encode the Truststore File with Base64: Encode the rootCA.jks file with base64:
- Provide Base64 and Password:
  - The customer needs to provide the base64-encoded rootCA.jks file and the password for the truststore.
  - These details will be installed into Kubernetes through gv-essentials, as shown in the image above.
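
The steps above as one script, added here as an example and not part of the original page or the gv-essentials project: it builds the truststore, prints the imported entry so its fingerprint can be checked, and produces a single-line base64 value that is verified by decoding it again. The TRUSTSTORE_PASS variable, the function names and the rootCA.jks.b64 output file are assumptions; -storepass:env keeps the password off the command line, and -storetype JKS is set because recent JDKs otherwise create a PKCS12 file.

```shell
#!/bin/sh
# Added example (not from the original page). TRUSTSTORE_PASS, the
# function names and rootCA.jks.b64 are assumptions made for this sketch.

# Import the CA certificate into a new truststore. -storepass:env makes
# keytool read the password from the named environment variable, so it
# does not appear in the process list or in shell history.
build_truststore() {  # $1 = CA certificate, $2 = truststore to create
    keytool -importcert -file "$1" -keystore "$2" -alias rootCA \
        -storetype JKS -storepass:env TRUSTSTORE_PASS -noprompt
}

# Print the imported entry with its fingerprints so they can be compared
# with the values published by the owner of the LDAP server's CA.
show_entry() {  # $1 = truststore
    keytool -list -v -keystore "$1" -alias rootCA \
        -storepass:env TRUSTSTORE_PASS
}

# Emit the file as one unwrapped base64 line. GNU base64 wraps at 76
# columns by default; stripping newlines works on GNU and BSD alike.
encode_truststore() {  # $1 = file to encode
    base64 < "$1" | tr -d '\n'
}

# Succeed only if the encoded value decodes back to the exact file.
verify_encoding() {  # $1 = original file, $2 = base64 string
    printf '%s' "$2" | base64 -d | cmp -s - "$1"
}

main() {  # usage: TRUSTSTORE_PASS=... ./make-truststore.sh ca.crt
    : "${TRUSTSTORE_PASS:?export TRUSTSTORE_PASS before running}"
    umask 077   # truststore and encoded copy readable by the owner only
    build_truststore "$1" rootCA.jks
    show_entry rootCA.jks
    b64=$(encode_truststore rootCA.jks)
    verify_encoding rootCA.jks "$b64" || { echo "round-trip failed" >&2; exit 1; }
    printf '%s\n' "$b64" > rootCA.jks.b64
}

# Run only when a certificate path is given on the command line.
if [ "$#" -ge 1 ]; then main "$@"; fi
```
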