Merge pull request #212 from jembi/feat/keycloak-jempi

feat: add keycloak config for JeMPI
jembi · Jan 27, 2023 · 0adb406 · 0adb406
2 parents 9de47af + 036c1c5
commit 0adb406
Show file tree

Hide file tree

Showing 5 changed files with 78 additions and 3 deletions.
diff --git a/client-registry-jempi/docker-compose.api.yml b/client-registry-jempi/docker-compose.api.yml
@@ -3,6 +3,13 @@ version: '3.9'
 services:
  jempi-api:
  image: jembi/jempi-api:${JEMPI_API_IMAGE_TAG}
+ environment:
+ KC_REALM_NAME: ${KC_REALM_NAME}
+ KC_JEMPI_CLIENT_ID: ${KC_JEMPI_CLIENT_ID}
+ KC_JEMPI_CLIENT_SECRET: ${KC_JEMPI_CLIENT_SECRET}
+ KC_API_URL: ${KC_API_URL}
+ KC_JEMPI_ROOT_URL: ${KC_JEMPI_ROOT_URL}
+ JEMPI_SESSION_SECRET: ${JEMPI_SESSION_SECRET}
  deploy:
  replicas: 1
  resources:

diff --git a/client-registry-jempi/package-metadata.json b/client-registry-jempi/package-metadata.json
@@ -49,6 +49,12 @@
  "JEMPI_EM_CALCULATOR_IMAGE_TAG": "0.1.1",
  "JEMPI_LINKER_IMAGE_TAG": "0.1.1",
  "JEMPI_API_IMAGE_TAG": "0.1.1",
- "JEMPI_OPENHIM_PASSWORD": "instant101"
+ "JEMPI_OPENHIM_PASSWORD": "instant101",
+ "JEMPI_SESSION_SECRET": "c05ll3lesrinf39t7mc5h6un6r0c69lgfno69dsak3vabeqamouq4328cuaekros401ajdpkh60rrt",
+ "KC_REALM_NAME": "platform-realm",
+ "KC_API_URL": "http://identity-access-manager-keycloak:8080",
+ "KC_JEMPI_CLIENT_ID": "jempi-oauth",
+ "KC_JEMPI_CLIENT_SECRET": "Tbe3llP5OJIlqUjz7K1wPp8YDAdCOEMn",
+ "KC_JEMPI_ROOT_URL": "http://localhost:3000"
  }
 }
diff --git a/identity-access-manager-keycloak/config/realm.json b/identity-access-manager-keycloak/config/realm.json
@@ -57,6 +57,61 @@
  "configure": true,
  "manage": true
  }
+ },
+ {
+ "clientId": "${KC_JEMPI_CLIENT_ID}",
+ "name": "JeMPI",
+ "description": "",
+ "rootUrl": "${KC_JEMPI_ROOT_URL}",
+ "adminUrl": "${KC_JEMPI_ROOT_URL}",
+ "baseUrl": "${KC_JEMPI_ROOT_URL}",
+ "surrogateAuthRequired": false,
+ "enabled": true,
+ "alwaysDisplayInConsole": false,
+ "clientAuthenticatorType": "client-secret",
+ "secret": "${KC_JEMPI_CLIENT_SECRET}",
+ "redirectUris": ["${KC_JEMPI_ROOT_URL}/login"],
+ "webOrigins": ["${KC_JEMPI_ROOT_URL}"],
+ "notBefore": 0,
+ "bearerOnly": false,
+ "consentRequired": false,
+ "standardFlowEnabled": true,
+ "implicitFlowEnabled": false,
+ "directAccessGrantsEnabled": true,
+ "serviceAccountsEnabled": false,
+ "publicClient": false,
+ "frontchannelLogout": true,
+ "protocol": "openid-connect",
+ "attributes": {
+ "oidc.ciba.grant.enabled": "false",
+ "client.secret.creation.time": "1674028783",
+ "backchannel.logout.session.required": "true",
+ "post.logout.redirect.uris": "${KC_JEMPI_ROOT_URL}",
+ "display.on.consent.screen": "false",
+ "oauth2.device.authorization.grant.enabled": "false",
+ "backchannel.logout.revoke.offline.tokens": "false"
+ },
+ "authenticationFlowBindingOverrides": {},
+ "fullScopeAllowed": true,
+ "nodeReRegistrationTimeout": -1,
+ "defaultClientScopes": [
+ "web-origins",
+ "acr",
+ "roles",
+ "profile",
+ "email"
+ ],
+ "optionalClientScopes": [
+ "address",
+ "phone",
+ "offline_access",
+ "microprofile-jwt"
+ ],
+ "access": {
+ "view": true,
+ "configure": true,
+ "manage": true
+ }
  }
  ],
  "users": [
@@ -73,7 +128,8 @@
  ],
  "realmRoles": ["default-roles-${KC_REALM_NAME}"],
  "clientRoles": {
- "grafana-oauth": ["admin", "editor", "viewer"]
+ "${KC_GRAFANA_CLIENT_ID}": ["admin", "editor", "viewer"],
+ "${KC_JEMPI_CLIENT_ID}": ["admin"]
  }
  }
  ]

diff --git a/identity-access-manager-keycloak/docker-compose.yml b/identity-access-manager-keycloak/docker-compose.yml
@@ -27,6 +27,9 @@ services:
  KC_GRAFANA_CLIENT_ID: ${KC_GRAFANA_CLIENT_ID}
  KC_GRAFANA_CLIENT_SECRET: ${KC_GRAFANA_CLIENT_SECRET}
  KC_GRAFANA_ROOT_URL: ${KC_GRAFANA_ROOT_URL}
+ KC_JEMPI_CLIENT_ID: ${KC_JEMPI_CLIENT_ID}
+ KC_JEMPI_CLIENT_SECRET: ${KC_JEMPI_CLIENT_SECRET}
+ KC_JEMPI_ROOT_URL: ${KC_JEMPI_ROOT_URL}
  deploy:
  placement:
  max_replicas_per_node: 1

diff --git a/identity-access-manager-keycloak/package-metadata.json b/identity-access-manager-keycloak/package-metadata.json
@@ -23,6 +23,9 @@
  "KC_POSTGRESQL_DATABASE": "keycloak",
  "KC_GRAFANA_CLIENT_ID": "grafana-oauth",
  "KC_GRAFANA_CLIENT_SECRET": "CV14QfwnpYFj1IH5dK5lScPNCYAIYP1c",
- "KC_GRAFANA_ROOT_URL": "http://localhost:3000"
+ "KC_GRAFANA_ROOT_URL": "http://localhost:3000",
+ "KC_JEMPI_CLIENT_ID": "jempi-oauth",
+ "KC_JEMPI_CLIENT_SECRET": "Tbe3llP5OJIlqUjz7K1wPp8YDAdCOEMn",
+ "KC_JEMPI_ROOT_URL": "http://localhost:3000"
  }
 }