You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.


By default Keycloak is installed and configured so that it can be used by the Studio using the OIDC protocol.

Keycloak admin credentials

The admin user for Keycloak is a different user from the admin user for the Studio. The former is defined in the Master realm, while the latter is defined in the Studio-specific realm.

The default admin credentials for Keycloak can be found in the file [Installation_Folder]\Keycloak\bin\kc-service.xml.

It is recommended to change the admin password after installation via the Keycloak admin console.

Default configuration

The default configuration is created when installing Blueriq. This configuration is contained within a Keycloak realm which is used by the Studio. This section contains an overview of what the default configuration includes.

Clients

Two clients are created in the default configuration.

  • studio-server: Used by the Studio backend, this is a private client which has admin access to the Studio
  • encore: Used by Encore, this is a public client which retrieves an access token on behalf of a user in order to communicate with the Studio backend

The secret for the studio-server client must also be provided to the Studio backend in [Installation_Folder]\Studio\Services\StudioService.exe.config, in the oidc and oidccustom elements.

Client Scopes

A client scope studio is included in the realm. When an access token is requested, this scope activates mappers which add additional information to the resulting access token. This information is required by the Studio backend in order to validate the token.

Groups

A group studio-admin is created by default. In the standard Studio installation, this group is mapped to the Administrator role in the Studio, which has admin access to the Studio.

Users

The following users are created by default. All of them are members of the studio-admin group and therefore have admin access to the Studio.

  • admin: the admin user of the Studio
  • administrationpage: used by the administration page
  • runtime: used by the runtime development dashboard to retrieve projects.

Restoring the default configuration

The default configuration can be restored using the PowerShell script located at [Installation_Folder]\Studio\Keycloak\setup-keycloak-studio-realm.ps1.

For example, you can run the script as follows from the PowerShell command line, replacing *** with actual passwords:

setup-keycloak-studio-realm.ps1 -KeycloakUrl http://localhost:150/Keycloak -KeycloakAdmin admin -KeycloakAdminSecret *** -RealmName "BlueriqStudio15" -StudioAdmin admin -StudioAdminSecret *** -AdminPageUser administrationpage -AdminPageSecret *** -RuntimeUser runtime -RuntimeSecret *** -StudioConfigPath "C:\Program Files\Blueriq15\Studio\Services\StudioService.exe.config" 

The values for KeycloakAdmin and KeycloakAdminSecret can be found in the file [Installation_Folder]\Keycloak\bin\kc-service.xml.

Changing the values in kc-service.xml after installation will have no effect. Updating the admin password must be done via the Keycloak admin console. If the password has been changed after installation, the value in the kc-service.xml will be outdated.

Values for the other passwords can be chosen at will, but the configuration of applications that must sign in using those passwords must also be updated.

When restoring the default configuration, the script will also update StudioService.exe.config to set the correct authority URL for the newly created realm and the client secret for the studio-server client.
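
The restore command above, wrapped so that the four passwords are prompted for instead of typed on the command line. This is an added example, not part of the Blueriq installation: the wrapper, its parameters InstallationFolder and RealmName, and the helper Read-Secret are hypothetical, and it assumes the script accepts the secrets as plain strings, as in the command shown above.

```powershell
# Added example (hypothetical wrapper, not shipped with Blueriq).
# Calls setup-keycloak-studio-realm.ps1 with the parameters shown on this page,
# prompting for each secret so that none of them appears in the typed command.
param(
    [Parameter(Mandatory)] [string]$InstallationFolder,     # the page's [Installation_Folder]
    [Parameter(Mandatory)] [string]$RealmName,              # realm to (re)create
    [string]$KeycloakUrl = 'http://localhost:150/Keycloak'  # URL from the page's example
)

# Paths relative to the installation folder, as documented on this page.
$script = Join-Path $InstallationFolder 'Studio\Keycloak\setup-keycloak-studio-realm.ps1'
$config = Join-Path $InstallationFolder 'Studio\Services\StudioService.exe.config'
foreach ($path in $script, $config) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { throw "Not found: $path" }
}

# Prompt without echo and return the value as a string.
# Assumption: the script's *Secret parameters are plain strings.
function Read-Secret([string]$Prompt) {
    $secure = Read-Host -Prompt $Prompt -AsSecureString
    $plain  = [System.Net.NetworkCredential]::new('', $secure).Password
    if ([string]::IsNullOrEmpty($plain)) { throw "Empty value for: $Prompt" }
    return $plain
}

$arguments = @{
    KeycloakUrl         = $KeycloakUrl
    KeycloakAdmin       = 'admin'
    # Current Keycloak admin password; kc-service.xml is outdated if it was changed.
    KeycloakAdminSecret = Read-Secret 'Current Keycloak admin password'
    RealmName           = $RealmName
    StudioAdmin         = 'admin'
    StudioAdminSecret   = Read-Secret 'Password for Studio user admin'
    AdminPageUser       = 'administrationpage'
    AdminPageSecret     = Read-Secret 'Password for user administrationpage'
    RuntimeUser         = 'runtime'
    RuntimeSecret       = Read-Secret 'Password for user runtime'
    StudioConfigPath    = $config
}

try {
    & $script @arguments      # splatting: each key becomes a -Name value argument
}
finally {
    $arguments.Clear()        # drop the plain-text secrets from the session
}
```

The passwords entered for administrationpage and runtime still have to be set in the configuration of the applications that sign in with them.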

Managing Users & Groups

Adding a group

Adding a user

User Federation: NTLM

User Federation: Kerberos
