keycloak setup

.dev/tenant-user-management-service/README.md

@@ -0,0 +1,8 @@
+# Setup
+start docker-compose
+login to http://localhost:8080 with admin/admin
+go to "clients", select "import client" and drag-and-drop manager.json from this folder.
+Follow import wizard steps.
+Once done. select the manager client, go to tab "SERVICE ACCOUNT ROLES"
+Click "assign roles" and assign all roles  from "filter by realm roles".
+

.dev/tenant-user-management-service/docker-compose.yaml

@@ -6,6 +6,7 @@ services:
     command: start-dev
     environment:
       KEYCLOAK_ADMIN: admin
+      KEYCLOAK_IMPORT: master.json
       KEYCLOAK_ADMIN_PASSWORD: admin
     ports:
       - 8080:8080

.dev/tenant-user-management-service/manager.json

@@ -0,0 +1,99 @@
+{
+  "clientId": "manager",
+  "name": "manager",
+  "description": "manager",
+  "rootUrl": "",
+  "adminUrl": "",
+  "baseUrl": "",
+  "surrogateAuthRequired": false,
+  "enabled": true,
+  "alwaysDisplayInConsole": false,
+  "clientAuthenticatorType": "client-secret",
+  "secret": "oE2DVrV45w0Tr5jBBcoufVxIkFWU69lP",
+  "redirectUris": [
+    "/*"
+  ],
+  "webOrigins": [
+    "/*"
+  ],
+  "notBefore": 0,
+  "bearerOnly": false,
+  "consentRequired": false,
+  "standardFlowEnabled": true,
+  "implicitFlowEnabled": true,
+  "directAccessGrantsEnabled": true,
+  "serviceAccountsEnabled": true,
+  "authorizationServicesEnabled": true,
+  "publicClient": false,
+  "frontchannelLogout": true,
+  "protocol": "openid-connect",
+  "attributes": {
+    "oidc.ciba.grant.enabled": "true",
+    "oauth2.device.authorization.grant.enabled": "true",
+    "client.secret.creation.time": "1690966874",
+    "backchannel.logout.session.required": "true",
+    "backchannel.logout.revoke.offline.tokens": "false"
+  },
+  "authenticationFlowBindingOverrides": {},
+  "fullScopeAllowed": true,
+  "nodeReRegistrationTimeout": -1,
+  "protocolMappers": [
+    {
+      "name": "Client IP Address",
+      "protocol": "openid-connect",
+      "protocolMapper": "oidc-usersessionmodel-note-mapper",
+      "consentRequired": false,
+      "config": {
+        "user.session.note": "clientAddress",
+        "id.token.claim": "true",
+        "access.token.claim": "true",
+        "claim.name": "clientAddress",
+        "jsonType.label": "String"
+      }
+    },
+    {
+      "name": "Client Host",
+      "protocol": "openid-connect",
+      "protocolMapper": "oidc-usersessionmodel-note-mapper",
+      "consentRequired": false,
+      "config": {
+        "user.session.note": "clientHost",
+        "id.token.claim": "true",
+        "access.token.claim": "true",
+        "claim.name": "clientHost",
+        "jsonType.label": "String"
+      }
+    },
+    {
+      "name": "Client ID",
+      "protocol": "openid-connect",
+      "protocolMapper": "oidc-usersessionmodel-note-mapper",
+      "consentRequired": false,
+      "config": {
+        "user.session.note": "client_id",
+        "id.token.claim": "true",
+        "access.token.claim": "true",
+        "claim.name": "client_id",
+        "jsonType.label": "String"
+      }
+    }
+  ],
+  "defaultClientScopes": [
+    "web-origins",
+    "acr",
+    "profile",
+    "roles",
+    "email"
+  ],
+  "optionalClientScopes": [
+    "address",
+    "phone",
+    "offline_access",
+    "microprofile-jwt"
+  ],
+  "access": {
+    "view": true,
+    "configure": true,
+    "manage": true
+  }
+}

.gitignore

@@ -36,3 +36,4 @@ build/
 gradle.properties
 gradlew
 gradlew.bat
+.DS_Store

src/main/java/com/knecon/fforesight/tenantusermanagement/service/TenantManagementService.java

@@ -224,7 +224,7 @@ public class TenantManagementService implements TenantProvider {
                 tenantRequest.getDatabaseConnection().getPassword())) {
             DataSource tenantDataSource = new SingleConnectionDataSource(connection, false);
             JdbcTemplate jdbcTemplate = new JdbcTemplate(tenantDataSource);
-            String createStatement = "CREATE SCHEMA \"" + tenantRequest.getDatabaseConnection().getSchema() + "\"";
+            String createStatement = "CREATE SCHEMA IF NOT EXISTS \"" + tenantRequest.getDatabaseConnection().getSchema() + "\"";
             String grantStatement = "GRANT USAGE ON SCHEMA \"" + tenantRequest.getDatabaseConnection().getSchema() + "\" TO \"" + tenantRequest.getDatabaseConnection()
                     .getUsername() + "\"";
             jdbcTemplate.execute(createStatement);

src/main/resources/application-dev.yaml

@@ -5,7 +5,7 @@ server:
 fforesight:
   tenant-user-management:
     server-url: http://localhost:8080
-    client-secret: WJ4CIR2t65r55caWFBg4LWhdW2kOMjeC
+    client-secret: Rf1FbW6qwXNFd8hvNLvObZvASaG2iDZs
     client-id: manager
     realm: master
     kc-role-mapping: