Keycloak with Denodo Solution Manager [Could not obtain token]

Hi, I am trying to configure Single Sign On using Open Id in Denodo Solution Manager. I was able to obtain most fields from open-id configuration provided by Keycloak except Token role field.

This is the documentation I am using: https://community.denodo.com/docs/html/browse/8.0/en/solution_manager/administration/authentication_and_authorization/authenticating_with_sso/authenticating_with_sso#openid-configuration

Open id settings I got from Keycloak realms → openid configuration.

Denodo now first shows keycloak login page so it is referring to keycloak for IAM. But, upon entering the user credentials in that login page, it does not login into Denodo and instead reopens Denodo login page and shows “Could not obtain access token”.

So my questions are:

  1. What is Token Role Field? How do I get it from Keycloak?
  2. I have created a realm, a client app (with denodo urls) and a user in Keycloak. Do I need to define roles to obtain access token?

If somebody has used Keycloak with Denodo, I would appreciate your guidance.

The “Token Role Field” is not a default. My guess is they want to know what field in the token you have mapped Denodo’s Authorization names to. E.g. if you set their authorization names as groups, map them to users, and then map them into the token, this is how Denodo figures out what roles the user has access to (see their “Authorization” documentation).

Your error doesn’t look related to the roles, but I’m not sure what Denodo is doing. Can you post the configuration options you’re using in the Client setup in Keycloak, and what values you’re setting in the Denodo configuration? That might help us debug.