The EWC IAM system is part of the European Weather Cloud (EWC), providing centralized identity and access management based on Keycloak. This system ensures that users can securely access various EWC services with a single set of credentials.
To help you understand how the system works, this section covers the fundamental concepts and components involved.
A Realm in Keycloak is like a space where user identities, roles, and permissions are managed. Realms are logical units within Keycloak that keep different applications and their user bases separate. Each realm has its own setup, including unique configurations, users, roles, and clients.
In the EWC, each tenant has its own Realm, created during the on-boarding process.
Clients in Keycloak represent applications and services that users interact with. Each client has its own settings and permissions.
A User in Keycloak is anyone who needs to access the EWC services. Users have unique identities (like usernames and passwords) that they use to log in.
Roles define what actions users or groups of users can perform within the EWC IAM. Roles come with certain responsibilities and permissions. For example, an "Admin" role might have permissions to manage other users and configure settings.
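The following added example (not part of the EWC documentation or its code) shows how a service behind Keycloak could tie these four concepts together when it receives an access token: the realm comes from the issuer URL, the client from the audience, the user from `preferred_username`, and the roles from `realm_access` and `resource_access`. It assumes the token's signature and expiry were already verified by an OIDC library; the host, realm, client and user names are constructed for illustration.

```python
# Hypothetical Keycloak base URL, constructed for this example.
KEYCLOAK_BASE = "https://iam.example.invalid"

def realm_of(claims):
    """Return the realm name encoded in the issuer, or None if it is not ours."""
    iss = claims.get("iss", "")
    prefix = KEYCLOAK_BASE + "/realms/"
    if not iss.startswith(prefix):
        return None
    realm = iss[len(prefix):]
    return realm if realm and "/" not in realm else None

def roles_of(claims, client_id):
    """Union of realm-level roles and the roles granted on one client."""
    realm_roles = claims.get("realm_access", {}).get("roles", [])
    client_roles = (claims.get("resource_access", {})
                          .get(client_id, {}).get("roles", []))
    return set(realm_roles) | set(client_roles)

def authorize(claims, tenant_realm, client_id, required_role):
    """Decide access from the claims of an already verified token."""
    # Realm check: a token from another tenant's realm is never accepted,
    # even if it carries a role with the same name.
    if realm_of(claims) != tenant_realm:
        return False, "token issued by another realm"
    # Client check: this service (a client in the realm) must be an audience.
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if client_id not in aud:
        return False, "token not issued for this client"
    # Role check: the user needs the role at realm or client level.
    if required_role not in roles_of(claims, client_id):
        return False, "missing role"
    return True, claims.get("preferred_username")

# Constructed sample claims for a user in a hypothetical realm "tenant-a".
SAMPLE = {
    "iss": KEYCLOAK_BASE + "/realms/tenant-a",
    "aud": ["data-portal"],
    "azp": "web-ui",
    "preferred_username": "alice",
    "realm_access": {"roles": ["user"]},
    "resource_access": {"data-portal": {"roles": ["Admin"]}},
}

if __name__ == "__main__":
    print(authorize(SAMPLE, "tenant-a", "data-portal", "Admin"))
    print(authorize(SAMPLE, "tenant-b", "data-portal", "Admin"))
```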
TODO
TODO