AlgoTrader is integrated with Keycloak in order to provide multi-user support. All user credentials are stored securely in Keycloak. Keycloak provides an advanced administration panel to manage user permissions and integrations with external Identity Providers (e.g. corporate directories and accounts such as Microsoft Exchange, Google, LDAP or Active Directory). It also supports two-factor authentication using time-based one-time passwords (e.g. Google Authenticator) or even U2F keys.
AlgoTrader Server and Dashboard are secured using OpenID Connect (built on OAuth2). It is possible to add further applications that communicate with AlgoTrader within the same realm and use Keycloak for authentication and authorization.
Please refer to the AlgoTrader and Keycloak documentation for more details:
https://doc.algotrader.com/html_single/index.html#Auth
https://www.keycloak.org/documentation
This article describes user database federation between AlgoTrader's Keycloak instance and an LDAP directory. For this tutorial, we will use the JumpCloud Directory Provider as the example LDAP server:
Set up the JumpCloud LDAP Server
Go to the JumpCloud console and add some users:
One of the users must be enabled as LDAP Bind DN. That allows the user to bind to and search the JumpCloud LDAP service; Keycloak will use this user to communicate with the LDAP server.
In this tutorial, we will use "ldap-user" as a username.
After setting up all users, go to the LDAP settings of the JumpCloud console:
Bind all (or selected) users to the JumpCloud LDAP instance:
NOTE: Only one user should have the status "LDAP Bind DN".
Log in to the AlgoTrader Keycloak Admin Panel by navigating to:
https://your-at.instance.com:8444/auth/admin
Make sure you are in the "Algotrader" realm and navigate to the "User Federation" section.
Pick the "ldap" option.
Pick the "other" vendor from the vendor list:
Fill in the Connection URL box (ldaps://ldap.jumpcloud.com:636 for the JumpCloud server):
Click the "Test connection" button. Keycloak should report a successful status:
Copy the Org DN that can be found on the JumpCloud -> LDAP -> Details page and paste it into Keycloak's "Users DN" field:
Now, provide the details of the "special" user that is able to query the directory. In this case, the username is "ldap-user".
Go to user details in JumpCloud console and find the user's LDAP distinguished name in the Details tab:
Paste the value into Keycloak along with the password for the user (which should have been set during user creation or later).
Click the "Test authentication" button. Keycloak should report successful authentication:
For JumpCloud, it is required to change the "Search scope" to "subtree":
Save the LDAP provider settings in Keycloak by clicking the "Save" button:
You should now be able to synchronize users between the directories. Click the "Synchronize all users" button:
All JumpCloud users should now be visible in Keycloak's "Users" tab:
You should now be able to log in to the AlgoTrader Dashboard using any user previously configured in the JumpCloud LDAP directory:
NOTE: Some directory-specific mappings may be required. Those can be configured in Keycloak -> User Federation -> ldap -> LDAP Mappers:
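As an added example (not part of the AlgoTrader documentation, nor of Keycloak or JumpCloud), the Python below builds the same LDAP federation provider the steps above configure by hand, in the shape the Keycloak Admin REST API expects for a "components" entry, and checks the settings worth reviewing before saving: LDAPS rather than plain LDAP, subtree search scope, a bind DN that sits under the Users DN, and read-only edit mode. ORG_ID and the bind password are placeholders, the JumpCloud DN layout is an assumption, and the attribute names are Keycloak's defaults for the "other" vendor.

```python
import json
from urllib.parse import urlparse

# Keycloak stores searchScope as a string: "1" = one level, "2" = subtree.
SUBTREE = "2"


def ldap_component(org_id, bind_password):
    """Build the User Federation 'ldap' component (assumed JumpCloud DN layout)."""
    users_dn = f"ou=Users,o={org_id},dc=jumpcloud,dc=com"  # the "Org DN" from JumpCloud
    return {
        "name": "ldap",
        "providerId": "ldap",
        "providerType": "org.keycloak.storage.UserStorageProvider",
        "config": {  # every value is a list of strings, as the Admin API expects
            "vendor": ["other"],
            "connectionUrl": ["ldaps://ldap.jumpcloud.com:636"],
            "usersDn": [users_dn],
            "authType": ["simple"],
            "bindDn": [f"uid=ldap-user,{users_dn}"],  # the single LDAP Bind DN user
            "bindCredential": [bind_password],
            "searchScope": [SUBTREE],
            "usernameLDAPAttribute": ["uid"],
            "rdnLDAPAttribute": ["uid"],
            "uuidLDAPAttribute": ["entryUUID"],
            "userObjectClasses": ["inetOrgPerson"],
            "editMode": ["READ_ONLY"],
            "enabled": ["true"],
        },
    }


def config_problems(component):
    """Return the issues a reviewer would block the save on (empty list = fine)."""
    cfg = component["config"]
    problems = []
    if urlparse(cfg["connectionUrl"][0]).scheme != "ldaps":
        problems.append("connectionUrl is not ldaps://: bind credentials would cross the network in clear text")
    if cfg["searchScope"] != [SUBTREE]:
        problems.append("searchScope is not subtree: JumpCloud users below the Users DN will not be found")
    if not cfg["bindDn"][0].lower().endswith(cfg["usersDn"][0].lower()):
        problems.append("bindDn is not under usersDn: re-check the DN copied from the user's Details tab")
    if cfg.get("editMode") != ["READ_ONLY"]:
        problems.append("editMode is not READ_ONLY: Keycloak could write back to the directory")
    return problems


if __name__ == "__main__":
    comp = ldap_component("ORG_ID_PLACEHOLDER", "BIND_PASSWORD_PLACEHOLDER")
    print(json.dumps(comp, indent=2))  # request body for POST .../auth/admin/realms/Algotrader/components
    print(config_problems(comp))       # []
```

The printed JSON is what the Admin Console sends when you click "Save"; running the checks first catches the plain-ldap and one-level-scope mistakes before a "Synchronize all users" silently imports nothing.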