To use the plugin, you have to create an OpenID Connect client. This page describes how to create a client in Keycloak. If you wish to use the plugin with a different OpenID Connect provider, please consult the manual of that provider.
Creating a new Client
Further Configuration
It may be necessary to configure additional aspects of Keycloak in order for the plugin to work for your specific setup.
Username, Full Name and Email
The plugin uses the preferred_username claim in the ID token as the username when logging in or creating new users. In Keycloak, the username property is mapped to this claim by default. You may want to change this mapping if a different property should be used as the username for the Jira/Confluence users. The plugin assumes that preferred_username stays constant for a given user, so please set up the desired username before configuring the plugin. The mapping can be changed under the Mappers tab of the Jira/Confluence client by configuring the username Token mapper.
Similarly, the name and email claims are used as the full name and email. You can also set up mappers to fill these claims from different fields in Keycloak.
Groups
The plugin can synchronize groups from Keycloak to Jira/Confluence/Bitbucket. This functionality is used when the plugin creates new users or updates groups for existing users on login. The plugin can use the Keycloak client roles as well as other custom claims to set the groups in Jira/Confluence/Bitbucket. These claims have to be set up for the group synchronization to work properly. A guide on how to set up client roles for group synchronization can be found here.
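Before pointing the plugin at a new client, it helps to inspect an ID token and confirm that the claims described under "Username, Full Name and Email" and "Groups" are actually present. The following Python check is an added example, not part of the plugin or of Keycloak. It assumes a client ID of `jira` and that client roles arrive under Keycloak's default `resource_access.<client_id>.roles` claim with the role mapper enabled for the ID token; the sample token is constructed and unsigned.

```python
import base64
import json

REQUIRED = ("preferred_username", "name", "email")  # claims the plugin reads

def decode_payload(id_token):
    """Decode the payload of a compact JWT for inspection only (no signature check)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(padded))

def check_claims(claims, client_id):
    """Return (missing_claims, client_roles) for the given Keycloak client."""
    # An empty or whitespace-only value is as unusable as an absent claim.
    missing = [c for c in REQUIRED if not str(claims.get(c) or "").strip()]
    # Assumed layout: Keycloak's default client role mapper, enabled for the ID token.
    roles = claims.get("resource_access", {}).get(client_id, {}).get("roles", [])
    return missing, sorted(roles)

def b64url(obj):
    """Serialize obj as JSON and base64url-encode it without padding."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_sample_token(claims):
    """Build an unsigned, constructed token so the example runs offline."""
    return ".".join([b64url({"alg": "none"}), b64url(claims), "constructed-signature"])

# Constructed sample: the email mapper produced an empty value.
SAMPLE_CLAIMS = {
    "preferred_username": "jdoe",
    "name": "Jane Doe",
    "email": "",
    "resource_access": {"jira": {"roles": ["jira-software-users", "jira-administrators"]}},
}

if __name__ == "__main__":
    token = make_sample_token(SAMPLE_CLAIMS)
    missing, roles = check_claims(decode_payload(token), "jira")
    print("missing claims:", missing)
    print("client roles:", roles)
```

This only inspects token contents for troubleshooting mapper configuration; it does not validate the token's signature, issuer or audience.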