
Creating Keycloak clients and accounts

Overview

Before you can request access and refresh tokens from Keycloak, you must create:

  • Clients – one for each application or user group that needs to use the OpenTV Suite APIs. (For example, you might have one client called postman_client for use by developers during integration, and another called crm_system for use by a CRM system.)
  • Keycloak accounts for the applications, systems, or individuals that will be making such requests.

Creating a Keycloak client

To create a Keycloak client:

  1. Open https://<base_url>/keycloak/auth/admin/master/console in a web browser, where <base_url> is the base URL of the OpenTV Suite deployment.
  2. Log in using the credentials that NAGRA provided to you as part of the deployment.
  3. In the left menu, under Configure, click Clients.
  4. At the right side of the toolbar, click Create.
  5. In Client ID, type an ID for the client.
  6. In Client Protocol, select openid-connect.
  7. Click Save. The client settings tab is displayed.
  8. Click the Settings tab, then:
    1. Set Standard Flow Enabled to OFF.
    2. Set Direct Access Grants Enabled to ON.
    3. Click Save.
  9. Click the Scope tab, then:
    1. Set Full Scope Allowed to OFF.
    2. In Available Roles, select operatorRole and click Add Selected.

Creating a Keycloak account

Depending on whether your deployment is managed by NAGRA or not, you should create operator and/or admin users. (In a NAGRA-managed deployment, admin users do not need to be created for operator use – only NAGRA needs admin users.)

To create a Keycloak operator or admin account:

  1. Open https://<base_url>/keycloak/auth/admin/master/console in a web browser, where <base_url> is the base URL of the OpenTV Suite deployment.
  2. Log in using the credentials that NAGRA provided to you as part of the deployment.
  3. In the left menu, under Manage, click Users.
  4. At the right side of the toolbar, click Add user.
  5. In Username, type the username for the user.
  6. Optionally, type the user's email address and first and last names in the appropriate fields.
  7. Make sure User Enabled is set to ON.
  8. Click Save. The user details tab is displayed.
  9. Click the Credentials tab, then:
    1. Set Temporary to OFF.
    2. In New Password, type the password for the user.
    3. In Password confirmation, type the password again.
    4. Click Reset Password.
    5. When prompted, confirm by clicking Change password.
  10. Click the Role Mappings tab, then in Available Roles, select either operatorRole or adminRole as appropriate and click Add Selected.
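
To confirm that a client and an account ended up with the settings listed in the two procedures above, the following added example (not NAGRA's or Keycloak's own code) audits their JSON representations as exported from Keycloak. It assumes the standard Keycloak representation field names (`standardFlowEnabled`, `directAccessGrantsEnabled`, `fullScopeAllowed`, `enabled`, `requiredActions`); the function names and sample records are constructed for illustration.

```python
import json

# Client settings from the procedure, keyed by Keycloak ClientRepresentation field.
EXPECTED_CLIENT = {
    "protocol": "openid-connect",
    "standardFlowEnabled": False,
    "directAccessGrantsEnabled": True,
    "fullScopeAllowed": False,
}

def audit_client(client, scoped_roles):
    """Return deviations from the documented client settings (empty list = OK)."""
    findings = [
        f"{field}: expected {want!r}, found {client.get(field)!r}"
        for field, want in EXPECTED_CLIENT.items()
        if client.get(field) != want
    ]
    if set(scoped_roles) != {"operatorRole"}:
        findings.append(f"scope: expected only operatorRole, found {sorted(scoped_roles)}")
    return findings

def audit_user(user, realm_roles):
    """Return deviations from the documented account settings (empty list = OK)."""
    findings = []
    if user.get("enabled") is not True:
        findings.append("enabled: expected True")
    # A password saved with Temporary set to ON leaves this required action pending.
    if "UPDATE_PASSWORD" in user.get("requiredActions", []):
        findings.append("requiredActions: UPDATE_PASSWORD pending")
    if not {"operatorRole", "adminRole"} & set(realm_roles):
        findings.append("roles: neither operatorRole nor adminRole mapped")
    return findings

# Constructed sample records (not taken from a real deployment).
GOOD_CLIENT = json.loads("""{"clientId": "postman_client", "protocol": "openid-connect",
  "standardFlowEnabled": false, "directAccessGrantsEnabled": true,
  "fullScopeAllowed": false}""")
BAD_CLIENT = dict(GOOD_CLIENT, standardFlowEnabled=True, fullScopeAllowed=True)
BAD_USER = {"username": "example_operator", "enabled": True,
            "requiredActions": ["UPDATE_PASSWORD"]}

if __name__ == "__main__":
    for line in audit_client(BAD_CLIENT, ["operatorRole", "adminRole"]):
        print("client:", line)
    for line in audit_user(BAD_USER, []):
        print("user:", line)
```

A pending `UPDATE_PASSWORD` matters here because the client uses only Direct Access Grants, which give the user no interactive step in which to replace a temporary password.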