Client Secret
28/04/2025
The client secret parameter is a critical security credential that enables secure authentication between systems. This parameter is required in Keycloak, where you generate the client secret through the administrative interface. The identical client secret must also be provided to the PoolParty component that uses it (via the config file) and to any other integrated solution (configuration options may vary in this case).
The following steps outline how to obtain a client secret credential in Keycloak:
Log in to Keycloak. For more information, refer to How to Access Keycloak for On-Site PoolParty Installation.
Navigate to Clients.
Select the client from the list representing the PoolParty component for which you want to obtain the client secret.
Navigate to the Credentials tab on the client settings page to manage authentication keys and access tokens.
Select the appropriate credential type for your client.
If you choose the default setting, the client secret will be automatically generated. When necessary, click Regenerate to recreate the client secret. Regenerating a client secret will invalidate the previous one. You must update the client secret to this new value in all connected applications immediately.
Click Save to confirm your changes.
Important
The client secret represents a confidential credential shared exclusively between the respective application and the authorization server. This credential is automatically generated by the system and serves as a mandatory component within the client credential authentication flow. You should implement proper security measures by storing the client secret in an encrypted or hashed format to minimize the risk of unauthorized access or potential security breaches. Proper management of this credential is essential for maintaining the integrity of your authentication infrastructure.
Note
It is essential to maintain identical client secret values across all integrated components within your system architecture. In the event that you regenerate the client secret in Keycloak, you must immediately update this credential in all connected applications and configuration files where it appears. Failure to synchronize this security parameter across all system components will result in authentication failures and service disruptions.
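One way to run the synchronization check described in the note above after a regeneration, as an added example that is not PoolParty or Keycloak code. The property name `keycloak.client.secret`, the `key=value` file format, and the component names are assumptions; substitute the key and files your installation actually uses.

```python
import hmac

# Hypothetical property name (assumption); use the key from your own config files.
SECRET_KEY = "keycloak.client.secret"


def read_secret(config_text, key=SECRET_KEY):
    """Return the value of `key` from key=value text, or None if it is absent."""
    for line in config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # skip blanks, comments and lines that are not assignments
        name, _, value = line.partition("=")
        if name.strip() == key:
            return value.strip()  # stray whitespace is a common cause of mismatches
    return None


def check_sync(reference_secret, configs):
    """Map each component to 'ok', 'mismatch' or 'missing' without printing any secret."""
    results = {}
    for component, text in configs.items():
        found = read_secret(text)
        if found is None:
            results[component] = "missing"
        elif hmac.compare_digest(found.encode(), reference_secret.encode()):
            results[component] = "ok"  # constant-time comparison
        else:
            results[component] = "mismatch"
    return results


# Constructed sample data: the value currently shown in Keycloak and three config files.
SAMPLE_REFERENCE = "constructed-new-secret-value"
SAMPLE_CONFIGS = {
    "poolparty": "# constructed sample\nkeycloak.client.secret = constructed-new-secret-value\n",
    "integration-a": "keycloak.client.secret=constructed-old-secret-value\n",
    "integration-b": "# secret not configured\n",
}

if __name__ == "__main__":
    for component, status in check_sync(SAMPLE_REFERENCE, SAMPLE_CONFIGS).items():
        print(f"{component}: {status}")
```

In practice, read the reference value from an environment variable or a secrets manager rather than embedding it in the script, and load each component's config text from disk.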