Skip to content

Role management in Keycloak

Intended Audience: OpenSlice Administrators

Some initial configuration of Keycloak happens at Installation/Deployment time. The Keycloak admin user must create and manage OpenSlice users.

By default, Keycloak is accessible via the {domain_URL}/auth path.

It is mandatory that an at least 1 "ADMIN" OpenSlice user exists at every instance.

The ADMIN role is needed to:

  • Configure NFVO targets
  • Enable NFV orchestration
  • Manage Service Catalogs and Categories
  • Design Service Specifications and manage their expose through Service Catalogs/Categories
  • Acknowledge Service Orders for fulfillment
  • Browse all Service Specifications, Orders, and Inventory
  • Browse all Resource Specifications and Inventory

Alternative, the USER role can be assigned so as to:

  • Access the marketplace
  • Issue Service Orders
  • Preview own Service Orders and Inventory

There are cases that OpenSlice/Keycloak administrators need to configure Keycloak, so as to:

  • Change user roles, e.g. make a Simple user (USER) a Service Designer (ADMIN)
  • Domain management, e.g. Access Token lifespan, allowed Origins
  • User Password reset