Setting Up A Keycloak Server For Authenticating To FileMaker: Part 6: Configuring FileMaker

Update 2021–11–23:

The Outline Plan

  • Configure and turn on the Microsoft Azure AD external authentication setting
  • Stop the database server
  • Edit the entry for Microsoft Azure AD in an XML file to include details of our Keycloak server
  • Start the database server again

Configuring External Authentication

Adjusting The XML File

Macintosh HD/Library/FileMaker Server/Data/Preferences
C:\Program Files\FileMaker\FileMaker Server\Data\Preferences
<keys name="oAuthProviders">
<keys name="Microsoft">
<key name="AuthCodeEndpoint" type="string">login.microsoftonline.com/Keycloak/oauth2/authorize</key>
<key name="AuthType" type="integer">2</key>
<key name="ClientID" type="string">Keycloak</key>
<key name="ClientSecret" type="string">AcOfLBVJAbwVs3AokL3Uww==</key>
<key name="EncryptedClientSecret" type="integer">1</key>
<key name="Logo" type="string"/>
<key name="OAuthGroupScheme" type="string">groups</key>
<key name="OAuthIDName" type="string">id</key>
<key name="OIDCEnabled" type="integer">1</key>
<key name="OIDCIssuer" type="string"/>
<key name="ProfileEndpoint" type="string"/>
<key name="Provider" type="string">Microsoft</key>
<key name="ProviderEnabled" type="integer">1</key>
<key name="ProviderID" type="integer">4</key>
<key name="RedirectURL" type="string"/>
<key name="ResponseType" type="string">code</key>
<key name="Scope" type="string">openid groups</key>
<key name="TokenEndpoint" type="string">login.microsoftonline.com/Keycloak/oauth2/token</key>
</keys>
</keys>
  • From this JSON, copy the value for “authorization_endpoint” and paste it into the XML document for the entry “AuthCodeEndpoint”, leaving out the “https://”
  • Next, copy the “token_endpoint” value and paste it into the XML document for the entry “TokenEndpoint”, again leaving out the “https://”; as of FileMaker Server 19.2.1, this cannot have a port listed
  • Close the JSON window and back in Keycloak, go to Clients, click on the client you created and copy the Client ID value and paste this in the XML for the “ClientID” entry.
  • Back in Keycloak, click the Credentials tab for our Client and copy the Secret value and paste that in the XML for the “ClientSecret” entry.
  • In the XML, adjust the “OAuthIDName” entry from “id” to “email”
  • Under the “Provider” entry, change that from “Microsoft” to “Keycloak”
  • And finally, under “Scope” add “email” after “openid”
<keys name="oAuthProviders">
<keys name="Keycloak">
<key name="AuthCodeEndpoint" type="string">DOMAIN_NAME/auth/realms/YOUR_REALM/protocol/openid-connect/auth</key>
<key name="AuthType" type="integer">2</key>
<key name="ClientID" type="string">CLIENT_ID</key>
<key name="ClientSecret" type="string">CLIENT_SECRET</key>
<key name="EncryptedClientSecret" type="integer">1</key>
<key name="Logo" type="string"/>
<key name="OAuthGroupScheme" type="string">groups</key>
<key name="OAuthIDName" type="string">email</key>
<key name="OIDCEnabled" type="integer">1</key>
<key name="OIDCIssuer" type="string"/>
<key name="ProfileEndpoint" type="string"/>
<key name="Provider" type="string">Keycloak</key>
<key name="ProviderEnabled" type="integer">1</key>
<key name="ProviderID" type="integer">4</key>
<key name="RedirectURL" type="string"/>
<key name="ResponseType" type="string">code</key>
<key name="Scope" type="string">openid email groups</key>
<key name="TokenEndpoint" type="string">DOMAIN_NAME/auth/realms/YOUR_REALM/protocol/openid-connect/token</key>
</keys>
</keys>
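
A pre-flight check for the edited provider block, to run before starting the database server again. This is an added example, not part of the original article or of any FileMaker tooling; the function name lint_provider, the host sso.example.com, the realm demo and the sample values are constructed for illustration, and the rules it enforces are the ones listed in the steps above.

```python
import re
import xml.etree.ElementTree as ET

SCHEME = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)

# Constructed sample: scheme left on AuthCodeEndpoint, port left on TokenEndpoint.
SAMPLE_BAD = """<keys name="oAuthProviders"><keys name="Keycloak">
<key name="AuthCodeEndpoint" type="string">https://sso.example.com/auth/realms/demo/protocol/openid-connect/auth</key>
<key name="ClientID" type="string">filemaker</key>
<key name="ClientSecret" type="string">constructed-secret</key>
<key name="OAuthIDName" type="string">email</key>
<key name="Provider" type="string">Keycloak</key>
<key name="Scope" type="string">openid email groups</key>
<key name="TokenEndpoint" type="string">sso.example.com:8443/auth/realms/demo/protocol/openid-connect/token</key>
</keys></keys>"""


def lint_provider(xml_text):
    """Return a list of problems found in an oAuthProviders fragment."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"XML is not well-formed: {exc}"]
    provider = root.find("keys")  # the provider block nested in oAuthProviders
    if provider is None:
        return ["no provider <keys> block found"]
    values = {k.get("name"): (k.text or "").strip() for k in provider.findall("key")}
    problems = []
    for name in ("AuthCodeEndpoint", "TokenEndpoint", "ClientID", "ClientSecret"):
        if not values.get(name):
            problems.append(f"{name} is empty")
    for name in ("AuthCodeEndpoint", "TokenEndpoint"):
        if SCHEME.match(values.get(name, "")):
            problems.append(f"{name} must not include the scheme")
    # Host part is everything before the first "/"; a ":digits" suffix is a port.
    token_host = SCHEME.sub("", values.get("TokenEndpoint", "")).split("/")[0]
    if re.search(r":\d+$", token_host):
        problems.append("TokenEndpoint must not list a port")
    if values.get("OAuthIDName") != "email":
        problems.append("OAuthIDName should be 'email'")
    if values.get("Provider") != "Keycloak":
        problems.append("Provider should be 'Keycloak'")
    if not {"openid", "email"} <= set(values.get("Scope", "").split()):
        problems.append("Scope must contain 'openid' and 'email'")
    return problems


if __name__ == "__main__":
    print("\n".join(lint_provider(SAMPLE_BAD)) or "OK")
```

An empty list means the fragment follows every step above; a mismatched closing tag is reported as a parse error before any value is checked.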

Configuring The FileMaker Database

Using Keycloak To Log Into The Database

Get ( AccountName )       // user@acmeinc.com
Get ( AccountGroupName ) // fm-users
Get ( AccountType ) // Azure - again this is because we repurposed the Azure AD entry

Summary

Sounds Essential
