Authorization
Talisman leverages role-based access control (RBAC) to ensure secure and efficient management of integration services through the Platform. We define two primary roles within the system to cater to different user needs and access levels:
- talisman-user: This role is designed for users who require view-only access. Users assigned to the talisman-user role can monitor the health, performance, and metrics of the integration services but cannot modify any configurations or deployment settings. This role is ideal for stakeholders who need to stay informed about the system's status without directly managing the services.
- talisman-developer: Users with the talisman-developer role have full control over the system. This includes the ability to create, modify, and delete integration services, manage deployment settings, and configure integrations with external systems. The talisman-developer role is suited for developers and engineers responsible for the development and maintenance of the integration services.
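The two-role model above, as an added illustration (not Talisman's own code) of how a backend would map Keycloak realm roles to a deny-by-default authorization decision. It assumes the token signature has already been verified by the OIDC library, that the roles arrive in Keycloak's default `realm_access.roles` claim, and that an audience mapper puts the BACKEND client id into `aud`; the action names are constructed for the example.

```python
import time

# Realm roles from the Talisman documentation.
ROLE_USER = "talisman-user"
ROLE_DEVELOPER = "talisman-developer"
# Assumed: an audience mapper on the BACKEND client adds this id to `aud`.
BACKEND_CLIENT_ID = "TALISMAN-BACKEND"

# Deny-by-default permission map: actions not listed here are refused.
# Action names are constructed for this example.
READ_ACTIONS = {"view_service", "view_metrics", "view_health"}
WRITE_ACTIONS = {"create_service", "modify_service", "delete_service",
                 "manage_deployment", "configure_integration"}


def realm_roles(claims):
    """Realm roles from a decoded Keycloak access token payload."""
    return set(claims.get("realm_access", {}).get("roles", []))


def authorize(claims, action, now=None):
    """Return True only if the (already signature-verified) claims permit `action`."""
    now = time.time() if now is None else now
    # Reject expired tokens and tokens not issued for the backend client.
    if claims.get("exp", 0) <= now:
        return False
    aud = claims.get("aud", [])
    aud = {aud} if isinstance(aud, str) else set(aud)
    if BACKEND_CLIENT_ID not in aud:
        return False
    roles = realm_roles(claims)
    if action in WRITE_ACTIONS:
        return ROLE_DEVELOPER in roles          # write requires developer
    if action in READ_ACTIONS:
        return bool(roles & {ROLE_USER, ROLE_DEVELOPER})  # either role may read
    return False                                # unknown action: deny


# Constructed sample payloads (not real tokens); exp is far in the future.
USER_TOKEN = {"exp": 4102444800, "aud": ["TALISMAN-BACKEND"],
              "realm_access": {"roles": ["talisman-user"]}}
DEV_TOKEN = {"exp": 4102444800, "aud": "TALISMAN-BACKEND",
             "realm_access": {"roles": ["talisman-developer"]}}
```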
Talisman uses Keycloak OIDC for authentication and authorization.
Keycloak configuration
- Create or select a Realm for Talisman users
- Create two clients with the following settings:

| Setting | FRONTEND | BACKEND |
| --- | --- | --- |
| Client Id | TALISMAN-FRONTEND | TALISMAN-BACKEND |
| Client authentication | Off | On |
| Authentication flow | Standard flow, Direct access grants, Implicit flow | Standard flow, Direct access grants, Implicit flow |
| Root URL | https://host | https://host |
| Home URL | https://host | https://host |
| Valid redirect URIs | https://host/* | https://host/* |
| Valid post logout redirect URIs | + | + |
| Web origins | * | * |
| Front channel logout | On | On |
| Backchannel logout session required | On | On |

  For the BACKEND client, generate a Client Secret on the Credentials tab.
- Create two roles: talisman-user and talisman-developer