Skip to content
K8SaaS

Client

Client configuration

Section titled “Client configuration”

The following configuration defines a Keycloak Client that specifies web origins and valid redirect URIs. This is mandatory to allow Keycloak authenticate applications and manage sessions.

Note: If you didn’t define the secret prior to making this client, Keycloak will generate one. You’ll be able to retrieve through the Keycloak UI.

apiVersion: k8saas.io/v1alpha1
kind: KeycloakClient
metadata:
  name: sampleapp-client
spec:
  realmId: k8saas
  clientId: clientid
  clientConfiguration:
    accessType: CONFIDENTIAL
    standardFlowEnabled: true
    webOrigins:
      - https://sampleapp.ref+file://config.yaml#/ingress/domainName+
    validRedirectUris:
      - https://sampleapp.ref+file://config.yaml#/ingress/domainName+/callback
    clientSecretSecretRef:
      name: <secret-name>
      namespace: <secret-namespace>
      key: <secret-client-key>
  groupMembershipClaim: groups

Make sure to set accessType to the desired value, such as CONFIDENTIAL or PUBLIC.