Summary: this page explains how to log in to Keycloak for the first time and configure a redirect URI to ensure the Console front-end can be accessed from wherever required.

The Console authentication provider has been completely restructured in ≥ 2.x and uses the open-source, OAuth2-compatible Keycloak system. Keycloak provides local authentication and can also interact with other enterprise authentication systems such as LDAP and SAML. Before you start using Console, you should configure a redirect in Keycloak to allow access to Console using the Console host name or IP address in addition to localhost (which is pre-configured). If you do not, users will not be able to log in to Console correctly. To do so, connect to Keycloak from any machine on the local network:


Click the Administration Console option:

The default login credentials specified in the docker-compose.yml file are admin/admin. Use these unless you have modified them as described in AIP Console - front-end installation:

These credentials are specific to Keycloak and not Console. You can change the default password if required, after installation, using the following URL:


Now click the Clients option and then click aip-console-client:


Now add a new redirect:

You should add a redirect for each URL you want Console to be accessible on. For example:

Ensure you save the changes:
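To show why a URL without a matching redirect entry fails at login, the following added example (not part of the original page and not Keycloak or Console code) models the redirect allow-list check and audits a list of entries before you type them into the client. The host names, IP address, port and paths are constructed placeholders, and the matching rule (exact match, or prefix match when the entry ends in `*`) is an assumed simplification.

```python
from urllib.parse import urlsplit

# Constructed sample values: the host names, IP address, port and paths are
# placeholders, not values taken from the Console documentation.
CONSOLE_PORT = 8081
HOSTS = ["localhost", "console.example.internal", "192.0.2.10"]


def redirect_entries(hosts, port, scheme="http"):
    """One redirect entry per URL the Console should be reachable on."""
    return [f"{scheme}://{host}:{port}/*" for host in hosts]


def is_allowed(redirect_uri, entries):
    """Assumed, simplified matching rule: an entry matches exactly, or as a
    prefix when it ends in '*'. This models the check; it is not Keycloak code."""
    for entry in entries:
        if entry.endswith("*") and redirect_uri.startswith(entry[:-1]):
            return True
        if redirect_uri == entry:
            return True
    return False


def audit(entries):
    """Return (entry, reason) for entries broader than one origin plus a path."""
    findings = []
    for entry in entries:
        parts = urlsplit(entry.rstrip("*"))
        if not parts.scheme or not parts.hostname:
            findings.append((entry, "no scheme or host: matches far more than one Console URL"))
        elif entry.endswith("*") and not parts.path.startswith("/"):
            findings.append((entry, "wildcard attached to host: prefix also covers other hosts"))
    return findings


if __name__ == "__main__":
    entries = redirect_entries(HOSTS, CONSOLE_PORT)
    for uri in ("http://192.0.2.10:8081/ui/index.html",
                "http://other.example.internal:8081/ui/index.html"):
        print(uri, "->", "accepted" if is_allowed(uri, entries) else "rejected")
    for entry, reason in audit(entries + ["*", "http://console.example.internal*"]):
        print("REVIEW", entry, "-", reason)
```

Entries of the form scheme, host, port and `/*` pass the audit; a bare `*` or a wildcard placed directly after the host is reported for review because it accepts redirects to URLs other than the Console.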