
Authorization

Talisman

Talisman leverages role-based access control (RBAC) to ensure secure and efficient management of integration services through the Platform. We define two primary roles within the system to cater to different user needs and access levels:

  • talisman-user: This role is designed for users who require view-only access. Users assigned to the talisman-user role can monitor the health, performance, and metrics of the integration services but cannot modify any configurations or deployment settings. This role is ideal for stakeholders who need to stay informed about the system's status without directly managing the services.

  • talisman-developer: Users with the talisman-developer role have full control over the system. This includes the ability to create, modify, and delete integration services, manage deployment settings, and configure integrations with external systems. The talisman-developer role is suited for developers and engineers responsible for the development and maintenance of the integration services.

Talisman uses Keycloak OIDC for authentication and authorization.

Keycloak configuration

  1. Create or select a realm for Talisman users.
  2. Create two clients:

    FRONTEND

    Client Id:                              TALISMAN-FRONTEND
    Client authentication:                  Off
    Authentication flow:                    Standard flow, Direct access grants, Implicit flow
    Root URL:                               https://host
    Home URL:                               https://host
    Valid redirect URIs:                    https://host/*
    Valid post logout redirect URIs:        +
    Web origins:                            *
    Front channel logout:                   On
    Backchannel logout session required:    On

    BACKEND

    Client Id:                              TALISMAN-BACKEND
    Client authentication:                  On
    Authentication flow:                    Standard flow, Direct access grants, Implicit flow
    Root URL:                               https://host
    Home URL:                               https://host
    Valid redirect URIs:                    https://host/*
    Valid post logout redirect URIs:        +
    Web origins:                            *
    Front channel logout:                   On
    Backchannel logout session required:    On

    For the BACKEND client, generate a Client Secret on the Credentials tab.

  3. Create two roles: talisman-user and talisman-developer
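
Once the clients from step 2 exist, their JSON export can be reviewed for the settings that most affect token exposure: web origins, enabled flows and redirect URIs. The script below is an added example, not part of Talisman or its documentation; `audit_client` and the sample export are constructed here using Keycloak's client representation field names. Whether Talisman requires implicit flow, direct access grants or a wildcard web origin is not stated on this page, so treat each finding as an item to verify in your deployment.

```python
import json

# Constructed sample: the FRONTEND client from step 2 written as a Keycloak
# client representation (field names as in a Keycloak client JSON export).
FRONTEND_EXPORT = json.loads("""
{
  "clientId": "TALISMAN-FRONTEND",
  "publicClient": true,
  "standardFlowEnabled": true,
  "implicitFlowEnabled": true,
  "directAccessGrantsEnabled": true,
  "rootUrl": "https://host",
  "redirectUris": ["https://host/*"],
  "webOrigins": ["*"]
}
""")


def audit_client(client):
    """Return (field, finding) pairs for settings that widen token exposure."""
    findings = []
    if "*" in client.get("webOrigins", []):
        findings.append(("webOrigins",
                         "CORS allowed from every origin; list the app origin or use '+'"))
    if client.get("implicitFlowEnabled"):
        findings.append(("implicitFlowEnabled",
                         "tokens come back in the redirect URL fragment"))
    if client.get("directAccessGrantsEnabled"):
        findings.append(("directAccessGrantsEnabled",
                         "password grant: the client handles user credentials itself"))
    root = (client.get("rootUrl") or "").rstrip("/")
    for uri in client.get("redirectUris", []):
        if uri.startswith("/") or uri == root:
            continue  # relative URIs are resolved against rootUrl
        if not uri.startswith("https://"):
            findings.append(("redirectUris", f"{uri}: not an https URL"))
        elif root and not uri.startswith(root + "/"):
            findings.append(("redirectUris", f"{uri}: outside rootUrl {root}"))
    return findings


if __name__ == "__main__":
    for field, finding in audit_client(FRONTEND_EXPORT):
        print(f"{FRONTEND_EXPORT['clientId']}: {field}: {finding}")
```

In Keycloak, a web origins value of `+` permits only the origins of the valid redirect URIs, which is the narrower alternative the first finding refers to.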