Setting Up the HYPR Keycloak Authenticator
IdP and SP Management: Keycloak Installation
Enabling the HYPR Authenticator
The HYPR Authenticator for Keycloak must be enabled in every Keycloak Realm where it is intended to be used. In this document we will use the Example Realm in the screenshot examples.
- Start by accessing the Keycloak deployment's administration console. From the administration console select Authentication from the navigation tree.
- From the Authentication settings select the New option on the right. This will initiate the process of creating a new authentication flow within Keycloak.
Alias ID identifies the new configuration and will be displayed as the option for the HYPR Authenticator in Keycloak Clients; our example uses HYPRAuthenticator
Leave the Top Level Flow Type set to generic
Select Save to continue
- Now that this authentication flow has been created, select Add execution on the right.
From the Provider drop-down selection choose HYPR Authenticator.
Select Save to continue.
Now that the HYPR Authenticator execution has been added, select the radio button for REQUIRED.
From the Actions drop down on the right select Config to continue.
This will provide you the configuration settings to point the HYPR Authenticator to your HYPR deployment. Fill in these fields as described in the following table; then select Save to complete the HYPR Authenticator configuration.
|Alias||Name of the Configuration.||This value is an alias for reference within Keycloak. This can be set to any string value.|
|Cookie Username||Max age in seconds of the username.||3000|
|HYPR Relying Party App ID||The application ID of the application created within your HYPR Control Center.||webApp|
|HYPR Relying Party URL||The base URL of your HYPR Server deployment.||https://example.gethypr.com|
|HYPR License URL||This is the URL of the HYPR licensing service. If you are using the HYPR Application on the Application Store it must be set to:|
|HYPR License Enabled||If you are using the HYPR Application on the Application Store this must be toggled ON.|
This can be togled OFF if there was a custom SDK deployment.
|Authenticator Logo URL||This is a URL to a |
Applying the HYPR Authenticator Flow to a Client
With the HYPR Authenticator configured, we are ready to apply this to our federated clients within Keycloak.
- Start by selecting Clients in the left navigation tree. This will display each client configured for this Keycloak realm.
- Select the client to use HYPR for authentication.
Scroll to the bottom of the Clients settings and open the drop down for Authentication Flow Overrides.
From the Browser Flow drop-down setting, select the alias for the HYPR Authenticator Flow previously created.
Select Save to apply these settings.
This client will now use the HYPR Authenticator for authentication.
Updated 3 months ago