Info

This document focus on the following:

Customer has a central user management system such as keyCloak
Customer wants to use KeyCloak to login into Iguana
Leverage KeyCloak API and Iguana External Authentication with From HTTPS Channel for login

Design

...

Considerations

Recommended to use a dedicated Iguana with a From HTTP Channel for Authentication, separate from the Production Iguana (Note: API call temporarily logs Username and Password).
When external authentication is used, Iguana creates an “Ad Hoc” user session. Iguana will create an Ad Hoc user with no permissions if there are no matching Roles setup in both Iguana and KeyCloak. If a matching Iguana Role exists, Iguana will login the Ad Hoc user with the matching Iguana Roles.
The KeyCloak password and Iguana password do not need to match. Only the Role names.

...