Keycloak

Download Keycloak and extract the archive.

Setting Up Keycloak

Accessing the Administration Console

1. Navigate to Keycloak's bin directory.
2. Start the batch file kc.bat with the parameter 'start-dev': kc.bat start-dev.
3. Open a web browser and browse to localhost:8080.
4. Create an admin account.
5. Click the Open Administration Console button and log in with the admin account.

Configuring Keycloak

1. In the Administration Console, click on the drop-down menu at the top-left of the page and select Create realm.
2. Name the realm, for example, "AMTRealm" and click the Create button.
3. Navigate to Clients in the sidebar menu, then click the Create client button.
4. In the General settings menu, configure the following:
   
   1. Client type: OpenID Connect
   2. Client ID: AMT
   3. Name: AMT
   4. Description: AMT
   5. Always display in UI: User preference
5. Click the Next button.
6. Leave the Capability settings as is and click the Next button.
7. Configure the following Login settings:
   1. Root URL: http://localhost:4200
   2. Home URL: http://localhost:4200
   3. Valid redirect URIs:
      1. http://localhost:4200
      2. http://localhost:4300
   4. Valid post logout redirect URIs: None
   5. Web origin: +
8. Navigate to Client scopes in the sidebar menu, then click the Create client scope button.
9. Configure the following Client scope settings.
   1. Name: audience_scope
   2. Description: Scope created to append correct audience to access tokens
   3. Type: None
   4. Protocol: OpenID Connect
   5. Display on consent: On
   6. Consent screen text: ?
   7. Include in token scope: Off
   8. Display Order: ?
10. Click the Save button.