# Configure OIDC on Keycloak for a Web Service

This section will guide you in configuring authentication via OIDC with Keycloak.

## Client Configuration

1. Go to the "Clients" page and click on the "Create" button : 

<figure><img src="https://docs.dydu.ai/~gitbook/image?url=https%3A%2F%2Flh7-qw.googleusercontent.com%2Fdocsz%2FAD_4nXe9a2pi_LxpcglWT41sxYZ3ROj_Wf5cskXibw86_BwCHsC7TukpRunrd1wyy0lrLjCBzzl5_RbjG4eQx-rrCsZuKnXSZmlOL1kF81cO6FflmRgyzuBhupI7y3Xki1zXzqs3PEBRm6yMv9tUvmYOcx9kDPE%3Fkey%3D_7omhS_ZQ-TvWJo5H9s0Bg&#x26;width=768&#x26;dpr=4&#x26;quality=100&#x26;sign=95e571f7&#x26;sv=1" alt="" width="563"><figcaption></figcaption></figure>

2. Assign a name to the “Client ID” (necessary for the configuration on the BMS).
3. Set the “Access Type” to “confidential”.
4. Set “Service Accounts Enabled” to “true”.

<figure><img src="https://docs.dydu.ai/~gitbook/image?url=https%3A%2F%2Flh7-qw.googleusercontent.com%2Fdocsz%2FAD_4nXceD1tGfXSSDh9C9o1AsoPtJSZjw62g7zoW_tBa_xL9VM9woW1exjymRsnFtjDk0cuVuC2Up8bHPNbT0xN7JCDsCaxFAxpylbdb9q283kUATnILcgtorKSsLJkpVixaY5eV3k2x59JCw4VlAE72io0o0pbw%3Fkey%3D_7omhS_ZQ-TvWJo5H9s0Bg&#x26;width=768&#x26;dpr=4&#x26;quality=100&#x26;sign=30f89591&#x26;sv=1" alt="" width="563"><figcaption></figcaption></figure>

5. Add “Root URL”, “Valid Redirect URLs”, “Admin URL”, and “Web Origins” with the address of the BMS where the Web Service is located. In the example below, dev.mars :&#x20;

<figure><img src="https://docs.dydu.ai/~gitbook/image?url=https%3A%2F%2Flh7-qw.googleusercontent.com%2Fdocsz%2FAD_4nXexInzhoHAblJAHL7U5s3DcxArbyoB7-eX8aZTIoFBO9kNuSkRHUHQiXcUdp4ORJ0B7f_4C7oBj9xyjbuzDEmflXaZSOpcY4UeBzh4uUKa4W19Ss22zYxIaN0oyuWIxgNW9Cnwakand__x6Nn4ErdniHuBZ%3Fkey%3D_7omhS_ZQ-TvWJo5H9s0Bg&#x26;width=768&#x26;dpr=4&#x26;quality=100&#x26;sign=4d07eb83&#x26;sv=1" alt="" width="563"><figcaption></figcaption></figure>

6. Click on “Save” at the bottom of the page.

<figure><img src="https://docs.dydu.ai/~gitbook/image?url=https%3A%2F%2Flh7-qw.googleusercontent.com%2Fdocsz%2FAD_4nXfyrCJa-7LziPfuRNvfQ5acng3PZsI9nC_yoSVNaUda366b9J2nmztNULl_jGiEmgi2ZpXq-oEo4-gT6BsNMJywSDNRke4c75mmEpAiTsZaNNhnR4tFLUo6G7FKq3TwFTGLmUjTs862CC1TyFEKys8NWNch%3Fkey%3D_7omhS_ZQ-TvWJo5H9s0Bg&#x26;width=768&#x26;dpr=4&#x26;quality=100&#x26;sign=eeef00d1&#x26;sv=1" alt="" width="563"><figcaption></figcaption></figure>

## Configuration of the Web Service Authentication for BMS

### Retrieve the Client Secret

Go to the “Credentials” tab of the client and retrieve the secret (necessary for configuration in the BMS).

<figure><img src="https://docs.dydu.ai/~gitbook/image?url=https%3A%2F%2Flh7-qw.googleusercontent.com%2Fdocsz%2FAD_4nXfdW3OBIYRR5lpcsbmZ3pLlZVGLHDBIOwLFmiO7gNcDz5Sv28UPEEsvE_YSLI7ma0tZjDmATaE1mxyjPfXBCDgD5SoctVYdTTBXFVjuHNH_yISW4FpJjtHKyxPYwG51HlZNfRUj5BWYezxpw7q0542Bs7Dd%3Fkey%3D_7omhS_ZQ-TvWJo5H9s0Bg&#x26;width=768&#x26;dpr=4&#x26;quality=100&#x26;sign=97372aa2&#x26;sv=1" alt="" width="563"><figcaption></figcaption></figure>

### Retrieve the token URL

1. Go to “Realm Settings.”

<figure><img src="https://docs.dydu.ai/~gitbook/image?url=https%3A%2F%2Flh7-qw.googleusercontent.com%2Fdocsz%2FAD_4nXf11fGkTEpM_VmC9dZJVjWVaqQ-YEgq6xq7AhtNZ_PGDcO3gTYqn5ucdauXcDDDPQLoFNEZ4i76akLr0mMrvl4_oPGzTQ42EAj0EEasD51U2dZepT6-7zc_Yq70AEBkP5o-I-Y19ed9HDDSiSXNNKsVEtXc%3Fkey%3D_7omhS_ZQ-TvWJo5H9s0Bg&#x26;width=768&#x26;dpr=4&#x26;quality=100&#x26;sign=87a8d952&#x26;sv=1" alt="" width="563"><figcaption></figcaption></figure>

2. Click on “OpenID Endpoint Configuration.”

<figure><img src="https://docs.dydu.ai/~gitbook/image?url=https%3A%2F%2Flh7-qw.googleusercontent.com%2Fdocsz%2FAD_4nXdXo7UdLWltBlJeqC1xe_1ZCD8_N5IY0U3cIcyFwM7DY1UU6nmM9WExoREmiGuJK25au-VaaN9Wr6DOu36OqjBDhfNBEZnphIl-81MpVI9UbI5j8EBo_NjHric_p6jwy9e954pXGfZS7jt_nBofNGnxlX7P%3Fkey%3D_7omhS_ZQ-TvWJo5H9s0Bg&#x26;width=768&#x26;dpr=4&#x26;quality=100&#x26;sign=dab80e09&#x26;sv=1" alt="" width="563"><figcaption></figcaption></figure>

3. At the bottom of the file, locate “token\_endpoint.”
4. Copy the value to configure it in the BMS.

<figure><img src="https://docs.dydu.ai/~gitbook/image?url=https%3A%2F%2Flh7-qw.googleusercontent.com%2Fdocsz%2FAD_4nXcYz5JGn1W1__OnKm0vOx9IWfO60cSOYEZoawNIk5wHQAsbqOD77h6HrgtAMqiqxuh5T6XO8qEcCWRJLAOhRz3-HsME0qlSNduUfi2nwj9x0mRw0ZXX9Y5QBFId7mwpth7I7U-EqyBSsV_d3qrjJmpLzdb9%3Fkey%3D_7omhS_ZQ-TvWJo5H9s0Bg&#x26;width=768&#x26;dpr=4&#x26;quality=100&#x26;sign=80b6f2bd&#x26;sv=1" alt=""><figcaption></figcaption></figure>

### Configuration of the web service in the BMS

All that remains is to go to the BMS and fill in the following fields :&#x20;

<figure><img src="https://docs.dydu.ai/~gitbook/image?url=https%3A%2F%2Flh7-qw.googleusercontent.com%2Fdocsz%2FAD_4nXe7tm2tJhB7mY2KWEkULB4eUbaOXPtXNseE2mjW1yhC__dq2FASIv8r3IMoZRogTlYv_tUOJkBdtqtr_ZHWewkdICtQ5qiwY0Vp8qXmYh6_O0y18iZDNPVlGyUBsu7FR-1QxBW6w7_eUp4H7oqc8M8yIsgq%3Fkey%3D_7omhS_ZQ-TvWJo5H9s0Bg&#x26;width=768&#x26;dpr=4&#x26;quality=100&#x26;sign=3e32f2a5&#x26;sv=1" alt="" width="563"><figcaption></figcaption></figure>

* **Token URL**: To retrieve it, simply follow these [steps](#retrieve-the-token-url).
* **Client ID**: Configured during the creation of the [Client](#client-configuration).
* **Client Secret**: To retrieve it, simply follow this [step](#retrieve-the-client-secret).