4.3. Customization of Keycloak sign-in#
This section describes how to customize the theme for the sign-in form provided by Keycloak,
the identity provider in Nubus for Kubernetes.
You need the Helm Chart for Nubus,
your customized custom_values.yaml
deployment file,
and the files for customization described in this section.
4.3.1. Theme#
You can customize the following theme elements of Keycloak in Nubus:
The theme of the sign-in form including a branding.
Additional links at the bottom of the sign-in form.
The cookie consent banner.
The sign-in form of Keycloak shares the theme with the Univention Portal. For information about the customization of the portal, see Customization of portal theme.
4.3.2. Additional links#
Operators can add links below the sign-in dialog, for example to a password forgotten service, or legal information.
To configure up to twelve addition links,
add them to the list nubusKeycloakBootstrap.bootstrap.loginLinks
in your custom_values.yaml
deployment file.
Each item needs the following attributes:
link_number
:Consecutive number for the link determining the order.
description
:The label for the link.
language
:The language when the link applies.
href
:The target destination of the link.
See the example in Listing 4.6.
nubusKeycloakBootstrap:
bootstrap:
loginLinks:
- link_number: 1
description: "Website"
language: "en"
href: "https://www.example.com/"
- link_number: 2
description: "Privacy"
language: "en"
href: "https://www.example.com/privacy"
4.3.3. Apply configuration changes#
To apply and activate the configuration changes, use the following steps:
To apply the updated configuration in your
custom_values.yaml
deployment file to Nubus, run the commands shown in Listing 4.7.$ export NAMESPACE_FOR_NUBUS="Set to your Kubernetes namespace" $ export RELEASE_NAME="The Helm Chart release name" $ export VERSION="Your version of Nubus" $ helm upgrade \ "$RELEASE_NAME" \ --namespace="$NAMESPACE_FOR_NUBUS" \ oci://artifacts.software-univention.de/nubus/charts/nubus \ --values custom_values.yaml \ --version "$VERSION"
To ensure that Keycloak applies the settings, you must restart the Kubernetes pod for the UMC Gateway, because it serves the required data to Keycloak. Run the commands shown in Listing 4.8.
$ kubectl get pods --namespace "$NAMESPACE_FOR_NUBUS" | grep "umc-gateway" $ export NAME_OF_POD="Name of the pod in the output of the previous command." $ kubectl delete pod $NAME_OF_POD