From 738b112894787bc756a2303db57f8da78e497fa6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?V=C3=A1clav=20Barto=C5=A1?= <bartos@cesnet.cz>
Date: Tue, 17 Jan 2023 10:49:00 +0100
Subject: [PATCH] quickstart: short info about user authentication added

---
 doc/quickstart.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/doc/quickstart.md b/doc/quickstart.md
index ddb5c9a..b22be82 100644
--- a/doc/quickstart.md
+++ b/doc/quickstart.md
@@ -98,3 +98,13 @@ After the whole process is finished, SOCTools can be accessed by going to https:
 * 8888 - haproxy-stats
 * 5443 - User Management UI
 
+## Authentication
+
+Most of the tools use single-sign-on authentication via Keycloak.
+The preferred way to authenticate is to use the client certificate of given user (browser should ask to select the certificate).
+Alternatively, the primary/admin user (the one configured during installation) can use its username and password - the password is stored in `secrets/passwords/[username]`.
+
+The same username and password is used to access the User Management UI, where more user accounts can be created.
+Such users should authenticate using their client certificate, which they can download from a link they receive via email.
+
+The haproxy-stats page (needed only for debugging/statistics) can be accessed by `haproxy` username and password found in `secrets/passwords/haproxy_stats`.
-- 
GitLab