Skip to content
DIH Knowledge Base
    Sign in

    PoC evaluator guide

    Use this guide when reviewing the Starlight + Keycloak proof of concept. For the full technical story, see Architecture & technical setup.

    Section titled “Recommended test flow”

    1. Public access (no Keycloak session)

    Section titled “1. Public access (no Keycloak session)”
    1. Open About DIH — should load without redirect.
    2. Note the DIH header: “Sign in” on the right.
    3. Browse the sidebar — only public and Getting started sections are fully visible; product groups may be hidden if they require roles.

    2. Sign-in required

    Section titled “2. Sign-in required”
    1. Visit Platform overview — redirect to Keycloak.
    2. Sign in with a test user.
    3. After callback, the page loads; header shows Signed in as … and Sign out.

    3. Product role (group-gated)

    Section titled “3. Product role (group-gated)”

    Assign Keycloak group claims per product (see IAM mapping):

    Product accessUnlocks
    Connect & IntegrateConnect & Integrate section (nested use cases, API)
    Build & OperateBuild & Operate, Motion Data
    Digital.IDDigital.ID section
    1. With Connect & Integrate access only: open Certificate management — content + Supademo embed.
    2. Open Build & Operate overview without Build & Operate access — upsell screen (stay on URL, no redirect).

    4. Sidebar filtering

    Section titled “4. Sidebar filtering”

    After login, the left sidebar only lists pages your token can access. Empty groups are removed automatically.

    5. Documentation capabilities (Starlight showcase)

    Section titled “5. Documentation capabilities (Starlight showcase)”

    Open Documentation capabilities — public pages that demo SaaS-relevant authoring:

    • Markdown asides, tables, and structure
    • <Tabs>, <Steps>, cards, link cards
    • Expressive Code (diffs, highlights, terminals)
    • Mermaid diagrams and embedded API reference (Swagger UI) at /en/poc/authoring/api-embed/
    • Custom Astro components (callouts, Supademo)

    6. Debug token roles

    Section titled “6. Debug token roles”

    While logged in: http://localhost:4321/auth/debug — JSON map of roles per JWT claim path.

    Architecture (three layers)

    Section titled “Architecture (three layers)”
    1. Astro middleware — JWT cookie, redirect if auth required.
    2. Starlight route middleware — filter sidebar by roles.
    3. AuthPageFrame — upsell screen when logged in but missing role.

    Access rules live in page frontmatter only — no path config in code.

    Reference documentation

    Section titled “Reference documentation”

    Production content inspiration: docs.dih.telekom.com.