Skip to content

Configure the OIDC Settings


OIDC Identity Provider

SEAL OP-CLI authenticates a user via the OAuth 2.0 and the OpenID Connect protocol. For this, an OIDC identity provider is required.

A preconfigured Keycloak identity provider is provided by SEAL Systems for test purposes. In practice, another OIDC identity provider already installed at the customer's will be used for the user authentication and authorization.

Literature - OIDC identity provider

For more information about Keycloak and other OIDC identity providers used with the SEAL Systems products, refer to the SEAL Interfaces for OIDC documentation.

Hint - version

The client configuration required for SEAL OP-CLI is available as of version 6.0.1-103 of the preconfigured Keycloak (seal-keycloak-6.0.1.103.msi).


Steps with SEAL OP-CLI

Set the following Windows environment variables before calling SEAL OP-CLI unless the correspondent default applies or the correspondent value will be specified as option:

  • AUTH_ISSUER_URL: OIDC issuer URL; default: The URL is retrieved from the seal-operator-server service.

  • OPCLI_AUTH_CLIENT_ID: Client name configured in the OIDC identity provider; default: seal-opcli; can also be specified with the --auth-client-id option.

  • OPCLI_AUTH_CLIENT_SECRET: Client secret for retrieving the OIDC identity provider's access token; default: The secret installed with the SEAL-specific Keycloak; can also be specified with the --auth-client-secret option.


Back to top