Sonchau/keycloak #513

Merged
merged 8 commits into from
Mar 27, 2024
1 change: 1 addition & 0 deletions .gitignore
@@ -23,3 +23,4 @@
__pycache__/
geckodriver.log
env.sh
kcadm.config
2 changes: 0 additions & 2 deletions docs/install-docker.md
@@ -344,8 +344,6 @@ cp -i etc/env/example.env .env
LOCAL_IP_ADDR=xxx.xx.x.x
# change OS
VENV_OS=arm64mac
# change keycloak
KEYCLOAK_BASE_IMAGE=quay.io/c3genomics/keycloak:${KEYCLOAK_VERSION}.arm64
```

Edit /etc/hosts on the machine (`sudo nano /etc/hosts`):
9 changes: 2 additions & 7 deletions etc/env/example.env
@@ -162,23 +162,18 @@ CACHE_TIME=0


# keycloak service
KEYCLOAK_VERSION=16.1.1
#KEYCLOAK_BASE_IMAGE=quay.io/c3genomics/keycloak:${KEYCLOAK_VERSION}.arm64
KEYCLOAK_BASE_IMAGE=quay.io/keycloak/keycloak:${KEYCLOAK_VERSION}
KEYCLOAK_VERSION=24.0.0
KEYCLOAK_REALM=candig
KEYCLOAK_CLIENT_ID=local_candig
KEYCLOAK_LOGIN_REDIRECT_PATH=/auth/login
KEYCLOAK_PORT=8080
KEYCLOAK_CONTAINER_PORT=8080
KEYCLOAK_HOST=0.0.0.0
KEYCLOAK_PUBLIC_PROTO=http
KEYCLOAK_PRIVATE_PROTO=http
KEYCLOAK_ENABLE_PROXY=false
KEYCLOAK_PUBLIC_URL=${KEYCLOAK_PUBLIC_PROTO}://${CANDIG_AUTH_DOMAIN}:${KEYCLOAK_PORT}
KEYCLOAK_PUBLIC_URL_PROD=${KEYCLOAK_PUBLIC_PROTO}://${CANDIG_AUTH_DOMAIN}
KEYCLOAK_PRIVATE_URL=${KEYCLOAK_PRIVATE_PROTO}://${CANDIG_AUTH_DOMAIN}:${KEYCLOAK_CONTAINER_PORT}
KEYCLOAK_PRIVATE_URL=${KEYCLOAK_PRIVATE_PROTO}://${CANDIG_AUTH_DOMAIN}:${KEYCLOAK_PORT}
KEYCLOAK_REALM_URL=${KEYCLOAK_PUBLIC_URL}/auth/realms/${KEYCLOAK_REALM}

KEYCLOAK_GENERATE_TEST_USER=1

# query service
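Review bot: `KEYCLOAK_REALM_URL` still ends in `/auth/realms/${KEYCLOAK_REALM}` while `KEYCLOAK_VERSION` goes to 24.0.0; the Quarkus-based distribution (17 and later) serves from `/` by default, so issuer and discovery URLs derived from this value will not match what the server publishes unless the container is started with `KC_HTTP_RELATIVE_PATH=/auth`, which this section does not show. An issuer mismatch makes token validation in the services behind Keycloak fail, or tempts someone to relax it. I would either drop the `/auth` prefix or document the dependency next to the variable, e.g. `# needs KC_HTTP_RELATIVE_PATH=/auth on the keycloak container`. The rendered section does not mark which lines were removed, so this assumes the `KEYCLOAK_REALM_URL` line is kept.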
4 changes: 0 additions & 4 deletions lib/keycloak/Dockerfile

This file was deleted.

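--- a/lib/keycloak/client_setup.sh
+++ b/lib/keycloak/client_setup.sh
@@ -0,0 +1,38 @@
+# This script creates and configures a client within a Keycloak realm
+
+echo
+echo -e "${BLUE}Creating client: $KEYCLOAK_CLIENT_ID${DEFAULT}"
+
+CREATE_OUTPUT=$(KCADM create clients -r "$KEYCLOAK_REALM" \
+-s clientId="$KEYCLOAK_CLIENT_ID" \
+-s enabled=true \
+-s protocol=openid-connect \
+-s publicClient=false \
+-s clientAuthenticatorType=client-secret \
+-s standardFlowEnabled=true \
+-s directAccessGrantsEnabled=true \
+-s 'redirectUris=["'"$TYK_LOGIN_TARGET_URL$KEYCLOAK_LOGIN_REDIRECT_PATH"'"]' \
+-s 'webOrigins=["'"$TYK_LOGIN_TARGET_URL"'"]' 2>&1)
+# uncomment the line beblow to see the output
+# echo $CREATE_OUTPUT
+
+# Extract the client ID from the output
+CLIENT_ID=$(echo $CREATE_OUTPUT | grep -oE '[0-9a-fA-F-]{36}')
+
+# Create client scopes
+SCOPE_NAME="${KEYCLOAK_CLIENT_ID}-audience"
+CREATE_OUTPUT=$(KCADM create clients/$CLIENT_ID/protocol-mappers/models -r $KEYCLOAK_REALM \
+-s name=$SCOPE_NAME \
+-s protocol=openid-connect \
+-s protocolMapper=oidc-audience-mapper \
+-s config="{\"included.client.audience\" : \"$KEYCLOAK_CLIENT_ID\",\"id.token.claim\" : \"true\",\"access.token.claim\" : \"true\"}" 2>&1)
+# uncomment the line beblow to see the output
+# echo $CREATE_OUTPUT
+
+# EXPORT: Get the client secret and save it to secrets
+CLIENT_SECRET=$(KCADM get clients/"$CLIENT_ID"/client-secret -r "$KEYCLOAK_REALM" | jq -r '.value')
+echo "$CLIENT_SECRET" > tmp/secrets/keycloak-client-$KEYCLOAK_CLIENT_ID-secret
+
+# EXPORT: Encode the Keycloak client ID in base64 and save it to secrets
+KEYCLOAK_CLIENT_ID_64=$(echo -n "${KEYCLOAK_CLIENT_ID}" | base64)
+echo "$KEYCLOAK_CLIENT_ID_64" > "tmp/secrets/keycloak-client-${KEYCLOAK_CLIENT_ID}-id-64"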
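Review bot: The result of `KCADM create clients` is never checked, so when creation fails (for instance because the client already exists) the `grep` feeding `CLIENT_ID=` yields an empty string, the mapper call targets `clients//protocol-mappers/models`, and the `jq -r '.value'` step can write an empty or `null` value into the secret file that later stages presumably trust. Guard it right after the extraction with `[ -n "$CLIENT_ID" ] || { echo "client creation failed: $CREATE_OUTPUT" >&2; return 1; }` (use `exit 1` if the file is executed rather than sourced; it has no shebang and relies on `KCADM` defined elsewhere). The client secret is also written under the default umask, so set `umask 077` before the two `tmp/secrets/` writes or `chmod 600` the files afterwards, and quote the first target path as the second one already is. Separately, `directAccessGrantsEnabled=true` turns on the password grant for a confidential client; a comment stating why it is needed, or limiting it to test setups, would help.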
25 changes: 0 additions & 25 deletions lib/keycloak/configuration_templates/application-users.properties

This file was deleted.

70 changes: 0 additions & 70 deletions lib/keycloak/configuration_templates/logging.properties

This file was deleted.

27 changes: 0 additions & 27 deletions lib/keycloak/configuration_templates/mgmt-users.properties

This file was deleted.
