Skip to content

Keycloak Configuration for Tempo📜

  1. Create a Tempo client
  2. Change the following configuration items

    • access type: confidential this will enable a “Credentials” tab within the client configuration page
    • Direct Access Grants Enabled: Off
    • Valid Redirect URIs: https://tracing.${DOMAIN}/login
      • If you want to deploy both Jaeger and Tempo at the same time you should set this to https://tempo.${DOMAIN}/login
    • Base URL: https://tracing.${DOMAIN}
      • If you want to deploy both Jaeger and Tempo at the same time you should set this to https://tempo.${DOMAIN}
    • Take note of the client secret in the credentials tab
  3. Deploy from Big Bang with the SSO values set:

    tempo:
      sso:
        enabled: true
        client_id: <id for client you created>
        client_secret: <client secret from the credentials tab>
    

  4. Tempo will be deployed with Authservice protecting the UI behind your SSO provider.