Setup Single Sign-On of Harbor with Opstella

Prerequisites

To Setup Single Sign-On with Opstella, you need

• 📦Opstella Keycloak
  • While you reading this section and have not yet setup Opstella Keycloak, you can skip its consideration for now.
  • Your dedicated Keycloak Realm. ${KEYCLOAK_REALM} ; Please change accordingly
• 🔑OpenID Connect Credentials: Client ID, Client Secret.
  • Gather Client ID, Client Secret - from Opstella Keycloak Appendix - Gathering Client ID, Client Secret

Harbor with Opstella Single Sign-On Integration

You need to go to Harbor instance that you have installed and configure within its settings menu.

1. Gather 🔑OpenID Connect Credentials (Client ID, Client Secret)

2. Go to ${HARBOR_DOMAIN} and Login with Initial Admin Account

3. Go to Administration > Configuration > Authentication

   Configure by adjust/fill in the textfield follow by the list:

   💡 Your dedicated Keycloak Realm. ${KEYCLOAK_REALM} ; Please change accordingly

   • Auth Mode: OIDC
   • OIDC Provider Name: OPSTELLA (ALL CAPS)
   • OIDC Endpoint: https://${KEYCLOAK_DOMAIN}/realms/${KEYCLOAK_REALM}
   • OIDC Client ID: CHANGEME 🔑
   • OIDC Client Secret: CHANGEME 🔑
   • Group Claim Name: groups
   • OIDC Scope: openid,profile,email
   • Verify Certificate: ✅ Yes (Ticked)
   • Automatic onboarding: ✅ Yes (Ticked)
   • Username Claim: preferred_username

4. Click on TEST OIDC SERVER and it should inform Connection to OIDC server is verified

   

5. Click Save

   Testing Single Sign-On Integration in End-to-End Testing/Single Sign-On for Harbor