
Create a realm

Create a new realm for your IoT network within Keycloak with default settings. 

Create a client for Border Gateway

  1. Create a new client (e.g. call it "bgw_client").
  2. Go to tab "Settings" and set the "Standard Flow Enabled" and "Direct Access Grant Enabled" switches to On. Add https://<your_domain_used_in_certificate>:443/callback to "Valid Redirect URIs".
  3. Go to tab "Mappers" and create the following attribute mappers (see the following screenshots):
    • User attribute mapper. Token Claim Name must be bgw_rules.
    • "Add to access token" must be checked. 


    • Optional: Group attribute mapper. Token Claim Name must be bgw_rules_<your_group_name>.
    • "Add to access token" must be checked. 


Add rules to users and groups

Rules are defined as attributes that are then included in the access token. The rules format allows the wildcards # and + in the same way they are commonly used for MQTT topics. See here.

Add a user attribute with the same key that is set for User Attribute in the attribute mapper (i.e. bgw_rules). Multiple rules should be separated with spaces.

Add rules as group attributes with the same key that is set for User Attribute in the attribute mapper (i.e. bgw_rules_<group_name>). Multiple rules should be separated with spaces.
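How space-separated rules from the bgw_rules and bgw_rules_<group_name> claims can be evaluated with MQTT-style wildcards, as an added example (not Border Gateway's own code). It assumes rules and requests are "/"-separated levels and that the token signature has already been verified; the function names and the sample rule strings are constructed for illustration.

```javascript
// Added example: MQTT-style wildcard matching for rules carried in token claims.
// Assumption: a rule and a request are both written as "/"-separated levels.

// True if `rule` covers `request`. "+" matches exactly one level;
// "#" matches all remaining levels (including none) and must be the last level.
function ruleMatches(rule, request) {
  const r = rule.split("/");
  const q = request.split("/");
  for (let i = 0; i < r.length; i++) {
    if (r[i] === "#") return i === r.length - 1; // "#" anywhere else: deny
    if (i >= q.length) return false;             // rule is longer than request
    if (r[i] !== "+" && r[i] !== q[i]) return false;
  }
  return r.length === q.length;                  // no wildcard tail: exact depth
}

// Collect rules from the user claim (bgw_rules) and any group claims
// (bgw_rules_<group_name>); each claim value is a space-separated string.
function rulesFromClaims(claims) {
  return Object.keys(claims)
    .filter((k) => k === "bgw_rules" || k.startsWith("bgw_rules_"))
    .filter((k) => typeof claims[k] === "string")
    .flatMap((k) => claims[k].split(/\s+/).filter(Boolean));
}

// Default deny: a request is allowed only if at least one rule covers it.
function isAllowed(claims, request) {
  return rulesFromClaims(claims).some((rule) => ruleMatches(rule, request));
}

// Constructed payload of an already-verified access token (sample values only).
const sampleClaims = {
  preferred_username: "alice",
  bgw_rules: "MQTT/SUB/sensors/+/temperature  HTTPS/GET/api/#",
  bgw_rules_operators: "MQTT/PUB/actuators/#",
};

console.log(isAllowed(sampleClaims, "MQTT/SUB/sensors/room1/temperature")); // true
console.log(isAllowed(sampleClaims, "MQTT/SUB/sensors/room1/a/temperature")); // false
```

Note that a trailing # grants everything below its prefix, so a rule consisting of # alone allows every request; review such rules on users and groups before issuing tokens.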

