Keycloak Upgrade#

With the release of Anaconda Enterprise 5.6, significant improvements have been made to our Keycloak implementation. For details, please see the release notes.

Upgrading to Anaconda Enterprise 5.6 requires Keycloak configuration changes to access your instance. You’ll need to add a service account with correct permissions to the anaconda-platform client, then add a protocol mapper to the roles client scope.

Enabling the service account#

After your upgrade to Anaconda Enterprise 5.6+ completes:

  1. Open a browser and log in to your Keycloak admin panel using your existing Keycloak credentials. Your Keycloak admin panel can be found at https://<FQDN>auth/admin where <FQDN> is your Anaconda Enterprise fully qualified domain name.

  2. Verify you are on the anaconda-platform realm.

  3. Select Clients from the left-hand navigation, then select anaconda-platform from the list of available clients.

  4. Select the Service accounts roles checkbox under Capability config, then save your changes.

  5. Select the new Service accounts roles tab that appears at the top of the page.

  6. Click Assign role.

  7. Open the filter dropdown menu and select Filter by clients.

  8. Search for the view-users role.

  9. Select the role, then click Assign.


Adding the protocol mapper#

  1. Select Client scopes from the left-hand navigation, then select roles from the list of available client scopes.

  2. Select the Mappers tab.

  3. Open the Add mapper dropdown menu and select By configuration.

  4. Select Audience.

  5. Complete the fields and set the toggle switches as indicated:

    • Name - my-audience

    • Included Client Audience - anaconda-platform

    • Add to ID token - ON

    • Add to access token - ON

  6. Click Save.


Success! You can now log in to your instance from an existing account and use AE5 normally.