
Create a realm

Create a new realm for your IoT network within Keycloak with default settings. 

Create a client for Border Gateway

  1. Create a new client (e.g. call it "bgw_client").
  2. Go to tab "Mappers" and create the following attribute mappers (see the following screenshots):
    • User attribute mapper. Token Claim Name must be bgw_rules.
    • "Add to access token" must be checked. 


    • Optional: Group attribute mapper. Token Claim Name must be bgw_rules_<your_group_name>.
    • "Add to access token" must be checked. 


Add rules to users and groups

Rules are defined as attributes that are then included in the access token. The rules format allows the wildcards # and + in the same way they are commonly used for MQTT topics. See here.

Add a user attribute with the same key that is set for User Attribute in the attribute mapper (i.e. bgw_rules). Multiple rules should be separated with spaces.

Add rules as group attributes with the same key that is set for User Attribute in the attribute mapper (i.e. group_bgw_rules). Multiple rules should be separated with spaces.

Create an anonymous user

Create a new user with the username "anonymous" and set the password to "anonymous". Add an attribute to the user anonymous with key "bgw_rules" and value "HTTP/# MQTT/#". This grants users that connect to the Border Gateway without providing authentication full access to your HTTP and MQTT services. See the Configuration documentation on how to limit the access.
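
The rule claims described above can be reviewed offline before a user or group goes live. The following is an added example, not Border Gateway code: it collects the space-separated rules from the bgw_rules and bgw_rules_<your_group_name> claims of a decoded access token, matches them against a request path with MQTT topic-filter semantics, and lists rules that open a whole protocol. The request path layout (e.g. "MQTT/SUB/sensors/temp"), the sample claims and all function names are assumptions made for illustration.

```python
# Added example. Request path layout and sample claims are constructed.

def rule_matches(rule: str, path: str) -> bool:
    """Match one rule against a '/'-separated path, MQTT topic-filter style."""
    r, p = rule.split("/"), path.split("/")
    for i, level in enumerate(r):
        if level == "#":
            # '#' is only valid as the last level; it matches the parent
            # level and everything below it.
            return i == len(r) - 1
        if i >= len(p):
            return False
        if level != "+" and level != p[i]:  # '+' matches exactly one level
            return False
    return len(r) == len(p)

def collect_rules(claims: dict) -> list[str]:
    """Gather rules from bgw_rules and every bgw_rules_<group> claim."""
    rules = []
    for name, value in claims.items():
        if name == "bgw_rules" or name.startswith("bgw_rules_"):
            # A mapper may emit a single string or a list of strings.
            values = value if isinstance(value, list) else [value]
            for v in values:
                rules.extend(str(v).split())  # rules are space-separated
    return rules

def is_allowed(claims: dict, path: str) -> bool:
    return any(rule_matches(r, path) for r in collect_rules(claims))

def broad_rules(claims: dict) -> list[str]:
    """Rules that are '#' alone or '<protocol>/#', i.e. grant a whole protocol."""
    return [r for r in collect_rules(claims)
            if r == "#" or (r.count("/") == 1 and r.endswith("/#"))]

# Constructed sample claims (decoded access-token payloads).
ANONYMOUS = {"preferred_username": "anonymous", "bgw_rules": "HTTP/# MQTT/#"}
OPERATOR = {"preferred_username": "operator1",
            "bgw_rules": "MQTT/SUB/sensors/+",
            "bgw_rules_admins": ["HTTP/GET/#"]}

if __name__ == "__main__":
    for claims in (ANONYMOUS, OPERATOR):
        print(claims["preferred_username"], "broad rules:", broad_rules(claims))
    print(is_allowed(OPERATOR, "MQTT/PUB/sensors/temp"))
```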

