This is only a high-level guide aiming to provide pointers on how the clients are created. The exact configuration of the client is always specific to the connected application.
OpenID Connect (OIDC) and SAML clients are supported. OIDC is the preferred client type whenever the connected application supports it.
- Access IAM (EUMETSAT EWC IAM - Accessing the system - European Weather Cloud Knowledge Base - ECMWF Confluence Wiki)
Go to Clients and click the Create client button. If the application provides a Resource file containing the necessary configuration, you can also try to import it using the Import client link.
Follow the Client creation Wizard. Consult the Keycloak documentation for the recommended values of the available configuration options: https://www.keycloak.org/docs/latest/server_admin/index.html#assembly-managing-clients_server_administration_guide. Below is an example default configuration. You always need to adjust it to the needs of the connected application.
Once the new client is created, in case of OIDC clients go to Credentials, retrieve the client secret and share it together with the Client ID entered in the first step of the wizard with the application owner. Alternatively configure another compatible method of authentication.
In addition to the Client ID and Client secret, the following address contains realm-related settings the connected application might need in order to integrate with the IAM:
OIDC: https://iam.eumetsat.europeanweather.cloud/realms/{tenancy-name}/.well-known/openid-configuration ( {substitute } with the name of your tenancy)
SAML: https://iam.eumetsat.europeanweather.cloud/realms/{tenancy-name}/protocol/saml/descriptor ( {substitute } with the name of your tenancy)