I am trying to connect Metabase with Keycloak. Currently metabase does not have modular SSO out the box. But it currently has is Google SSO or LDAP integration. Is their any way keycloak can simulate as LDAP server?
Asked
Active
Viewed 1,265 times
1 Answers
0
There is more than one version of Metabase, however, only the Enterprise version can do SSO (or you'll need the cloud version). If you just want to manage users, then read on...
Firstly, if you're thinking LDAP, then you'll need an LDAP server. OpenLDAP is a good choice. You'll need to do the following:
- Set up OpenLDAP
- Use the command line (or something like Apache Directory Studio) to create an LDAP group and some users to test
- Enable LDAP in Metabase. There is some configuration that needs to be in place, like the admin user DN and the user Search DN and Group DN, also attributes for mail, SN and CN (Metabase will be using the email address to login, so you're users need to use an email address as uid).
- Next it's Keycloak, you'll need a Realm, Group, Role, and Client configured. LDAP federation also needs to be enabled, then in the same client config a mapping (LDAP-Group-Mapping), and don't forget to enable syncing in the Sync Settings.
Once all this is done, you could access the KeyCloak Realm user account and an application link for metabase (configured from the Realm Client). Clicking that link will open the login page to Metabase, but there's no SSO (unless you pay for the enterprise edition), so you'd then have to login using your LDAP email address and password.
You can manage LDAP users from Keycloak and sync them back to your OpenLDAP server.
Coffee and Code
- 885
- 14
- 16