Motivation
Find a user mangement system for ONAP to use which
- provides a GUI
- allows setup via REST
- doubles as oauth provider
Based on the requirements, Keycloak was chosen.
Version
Keycloak version 11.0.3 is used.
Setup
Execute this script to get a keycloak container up and running and setup default users.
Setup-Workflow
- Checks if keycloak docker image is available
- get image if not available
- starts container on default port with default admin-user (see Script variables)
- gets admin bearer-token
- creates "onap" realm
- adds default users
Script Variables
At the start of the script, several variables are defined. Update accordingly.
Variable | Default value |
---|---|
ADMIN_USERNAME | admin |
ADMIN_PASS | admin |
IP | 172.18.0.101 |
PORT | 8080 |
Known problems - regenerate/change secret
The "odlux.app" client in the "onap" realm, which is used for authentification from onap, gets created as a 'public' client.
To access the secret via the GUI, the access-type must be changed to 'confidential' and saved. Following, the 'credentials' tab gets visible in the GUI.
On the credentials tab, the current secret can be copied or a new one created.
Currently, the client can not be created as confidential via the REST api.