...

For further information about Keycloak, see the documentation.

Setup

The two ways to set up Keycloak are described below. To automate the process, a bash script was written.

The bash script follows the steps of the manual setup.

...

Start docker container

  1. Run docker pull quay.io/keycloak/keycloak:11.0.3
  2. Start the Docker container with the environment variables 'KEYCLOAK_USER' and 'KEYCLOAK_PASSWORD' set, on a preferred port. The internal port is 8080.
  3. Navigate to http://localhost:8080/auth/admin and log in to get access to the master realm / admin console.
  4. Create an 'onap' realm

...

  1. Navigate to 'Clients' and create a new one
  2. Create a client with client ID 'odlux.app' and client protocol 'openid-connect'
  3. Select client and open 'Settings' tab
  4. Enable, if not already done:
    1. Direct Access Grants
    2. Standard Flow Enabled
  5. Add valid redirect URLs for your ONAP installation
  6. Set access type to 'confidential'
  7. (Save. Navigate to the 'credentials' tab and create your secret)
  8. (Note: If the lifespan of a token should be longer, it can be updated under the 'Advanced Settings' dropdown)
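
The following check is an added example, not part of the original page or of the ONAP setup script. It verifies that a Keycloak realm export contains the 'odlux.app' client with the settings from the manual steps above. The sample JSON is constructed, and treating catch-all redirect URIs as a finding is an assumption of this example.

```python
import json

# Constructed sample in the shape of a Keycloak realm export (not the page's realm.json).
SAMPLE_REALM = json.loads("""
{
  "realm": "onap",
  "clients": [
    {"clientId": "odlux.app", "protocol": "openid-connect",
     "publicClient": true, "bearerOnly": false,
     "standardFlowEnabled": true, "directAccessGrantsEnabled": false,
     "redirectUris": ["*"]}
  ]
}
""")


def check_client(realm, client_id="odlux.app"):
    """Return a list of deviations from the manual client setup steps."""
    findings = []
    if realm.get("realm") != "onap":
        findings.append("realm name is not 'onap'")
    client = next((c for c in realm.get("clients", [])
                   if c.get("clientId") == client_id), None)
    if client is None:
        return findings + [f"client {client_id!r} not found"]
    if client.get("protocol") != "openid-connect":
        findings.append("client protocol is not 'openid-connect'")
    # Access type 'confidential' is exported as publicClient=false, bearerOnly=false.
    if client.get("publicClient") is not False or client.get("bearerOnly"):
        findings.append("access type is not 'confidential'")
    if not client.get("standardFlowEnabled"):
        findings.append("Standard Flow is disabled")
    if not client.get("directAccessGrantsEnabled"):
        findings.append("Direct Access Grants is disabled")
    uris = client.get("redirectUris", [])
    if not uris:
        findings.append("no valid redirect URIs set")
    # Assumption of this example: catch-all patterns count as a finding.
    for uri in uris:
        if uri.strip() in ("*", "/*"):
            findings.append(f"redirect URI {uri!r} is a catch-all pattern")
    return findings


if __name__ == "__main__":
    for finding in check_client(SAMPLE_REALM):
        print("FINDING:", finding)
```

To check a real export, load it with json.load() and pass the result to check_client().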

Automated

To automate the process, the following script can be used. Make sure to download the realm.json file. Place both files next to each other,

...

Further setup

Before you go and run Keycloak in production there are a few more things that you will want to do, including:

...

Quoted from: [https://www.keycloak.org/getting-started/getting-started-docker]

Known problems - change secret of client / automated creation

...

To access the secret via the GUI, the access type must be changed to 'confidential' and saved. After that, the 'credentials' tab becomes visible in the GUI.

On the credentials tab, the current secret can be copied or a new one created.

Currently, the client cannot be created as confidential via the REST API.