Configure Keycloak to Generate Link for Required User Action


Overview

A new user can be created in Sunbird in the following two ways:

  • Self sign-up using Sunbird, where the user provides an email, phone and password during user creation
  • Bulk user creation by an Organisation Admin, where an initial password is not yet set

Sunbird requires users to either verify their email (when the user is created by self sign-up) or set a password (when users are created by bulk upload) before they can log in to Sunbird for the first time.

The verify email or set password link is sent to the newly created users via email and/or SMS. The generated link also contains a redirect URI to which the user is redirected after completing the required action.

This document explains the configuration required in Keycloak to generate links for the required action to be performed by a new user.

Configure Environment Variables

The following environment variables need to be configured in the Sunbird LMS service to generate required action links:

  • sunbird_sso_url
  • sunbird_sso_username
  • sunbird_sso_password
  • sunbird_sso_realm
  • sunbird_sso_client_id
  • sunbird_url_shortner_enable
  • sunbird_url_shortner_access_token
  • sunbird_keycloak_required_action_link_expiration_seconds

Note: For details on the environment variables, refer to Sunbird LMS Service Environment Variables.

Configure Administrator Role

It is mandatory to configure a user with administrator role permissions to be able to generate the required action link in Keycloak.

1. Enter your Username or email and Password, then click Log in to log into the Keycloak admin console
2. Click the Realm Selector dropdown from the navigation pane and select the appropriate realm.
Note: The Master realm is selected by default
3. Go to the Configure section and select the Roles tab
4. Go to the Realm Roles tab and click the Add Role button if the administrator role is not available in the Realm Roles table. If the role is available, proceed to step 5
5. Go to the Users tab under the Manage section and search for the user in the Lookup tab
6. Click the Role Mappings tab
7. Assign the admin role at realm level
8. From the Client Roles drop-down list, select the client to which the user belongs and assign the admin role at the client level

Configure Redirect URI

The redirect URI configuration is necessary to redirect the user to the Sunbird tenant’s specific home page after completing the required action steps.

1. Go to the Configure section and select the Clients tab in the navigation pane
2. Click the client corresponding to the user configured in step 8 of the above section
3. Select the Settings tab and click the Implicit Flow Enabled toggle button. Once this button is enabled, a Valid Redirect URIs text box is displayed
4. Enter values in the Root URL and Valid Redirect URIs text boxes
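
A check for the Valid Redirect URIs entered in step 4, as an added example that is not part of the Sunbird documentation or Keycloak's own code: it models Keycloak's redirect matching in simplified form (exact match, or prefix match when the entry ends in *) and flags entries that accept more than the tenant home pages. The root URL, tenant URLs and function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample values (assumptions, not from the Sunbird documentation).
ROOT_URL = "https://sunbird.example.org"
PATTERNS = ["/tenant-a/*", "https://tenant-b.example.org/home",
            "http://tenant-c.example.org/*", "*"]

def resolve(pattern, root_url):
    # A relative entry is interpreted against the client's Root URL.
    return root_url.rstrip("/") + pattern if pattern.startswith("/") else pattern

def is_allowed(redirect_uri, patterns, root_url=""):
    """Simplified model: exact match, or prefix match for a trailing '*'."""
    candidate = redirect_uri.split("?", 1)[0]  # query ignored for wildcard entries
    for raw in patterns:
        p = resolve(raw, root_url)
        if p.endswith("*"):
            prefix = p[:-1]
            if candidate.startswith(prefix) or candidate == prefix.rstrip("/"):
                return True
        elif p == redirect_uri:
            return True
    return False

def audit(patterns, root_url=""):
    """Return {entry: [issues]} for entries broader or weaker than needed."""
    findings = {}
    for raw in patterns:
        p = resolve(raw, root_url)
        issues = []
        if p == "*":
            issues.append("matches every URI")
        else:
            parts = urlsplit(p.rstrip("*"))
            if parts.scheme != "https":
                issues.append("not https")
            if "*" in p[:-1]:
                issues.append("wildcard is only honoured as the last character")
            if p.endswith("*") and parts.path in ("", "/"):
                issues.append("wildcard covers the whole host")
        if issues:
            findings[raw] = issues
    return findings

if __name__ == "__main__":
    for entry, issues in audit(PATTERNS, ROOT_URL).items():
        print(f"{entry}: {', '.join(issues)}")
    strict = PATTERNS[:2]
    print(is_allowed("https://sunbird.example.org/tenant-a/home", strict, ROOT_URL))
    print(is_allowed("https://tenant-b.example.org/other", strict, ROOT_URL))
```

Entries the audit reports are candidates for replacement with the exact tenant home page URL or a path-scoped https prefix.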
