keycloak setup

2023-08-02 12:12:22 +03:00 · 2023-08-02 12:12:22 +03:00 · 479168b029
commit 479168b029
parent cef0f2830b
6 changed files with 111 additions and 2 deletions
--- a/.dev/tenant-user-management-service/README.md
+++ b/.dev/tenant-user-management-service/README.md
@ -0,0 +1,8 @@
+# Setup
+start docker-compose
+login to http://localhost:8080 with admin/admin
+go to "clients", select "import client" and drag-and-drop manager.json from this folder.
+Follow import wizard steps.
+Once done. select the manager client, go to tab "SERVICE ACCOUNT ROLES"
+Click "assign roles" and assign all roles  from "filter by realm roles".
+
--- a/.dev/tenant-user-management-service/docker-compose.yaml
+++ b/.dev/tenant-user-management-service/docker-compose.yaml
@ -6,6 +6,7 @@ services:
    command: start-dev
    environment:
      KEYCLOAK_ADMIN: admin
+      KEYCLOAK_IMPORT: master.json
      KEYCLOAK_ADMIN_PASSWORD: admin
    ports:
      - 8080:8080
--- a/.dev/tenant-user-management-service/manager.json
+++ b/.dev/tenant-user-management-service/manager.json
@ -0,0 +1,99 @@
+{
+  "clientId": "manager",
+  "name": "manager",
+  "description": "manager",
+  "rootUrl": "",
+  "adminUrl": "",
+  "baseUrl": "",
+  "surrogateAuthRequired": false,
+  "enabled": true,
+  "alwaysDisplayInConsole": false,
+  "clientAuthenticatorType": "client-secret",
+  "secret": "oE2DVrV45w0Tr5jBBcoufVxIkFWU69lP",
+  "redirectUris": [
+    "/*"
+  ],
+  "webOrigins": [
+    "/*"
+  ],
+  "notBefore": 0,
+  "bearerOnly": false,
+  "consentRequired": false,
+  "standardFlowEnabled": true,
+  "implicitFlowEnabled": true,
+  "directAccessGrantsEnabled": true,
+  "serviceAccountsEnabled": true,
+  "authorizationServicesEnabled": true,
+  "publicClient": false,
+  "frontchannelLogout": true,
+  "protocol": "openid-connect",
+  "attributes": {
+    "oidc.ciba.grant.enabled": "true",
+    "oauth2.device.authorization.grant.enabled": "true",
+    "client.secret.creation.time": "1690966874",
+    "backchannel.logout.session.required": "true",
+    "backchannel.logout.revoke.offline.tokens": "false"
+  },
+  "authenticationFlowBindingOverrides": {},
+  "fullScopeAllowed": true,
+  "nodeReRegistrationTimeout": -1,
+  "protocolMappers": [
+    {
+      "name": "Client IP Address",
+      "protocol": "openid-connect",
+      "protocolMapper": "oidc-usersessionmodel-note-mapper",
+      "consentRequired": false,
+      "config": {
+        "user.session.note": "clientAddress",
+        "id.token.claim": "true",
+        "access.token.claim": "true",
+        "claim.name": "clientAddress",
+        "jsonType.label": "String"
+      }
+    },
+    {
+      "name": "Client Host",
+      "protocol": "openid-connect",
+      "protocolMapper": "oidc-usersessionmodel-note-mapper",
+      "consentRequired": false,
+      "config": {
+        "user.session.note": "clientHost",
+        "id.token.claim": "true",
+        "access.token.claim": "true",
+        "claim.name": "clientHost",
+        "jsonType.label": "String"
+      }
+    },
+    {
+      "name": "Client ID",
+      "protocol": "openid-connect",
+      "protocolMapper": "oidc-usersessionmodel-note-mapper",
+      "consentRequired": false,
+      "config": {
+        "user.session.note": "client_id",
+        "id.token.claim": "true",
+        "access.token.claim": "true",
+        "claim.name": "client_id",
+        "jsonType.label": "String"
+      }
+    }
+  ],
+  "defaultClientScopes": [
+    "web-origins",
+    "acr",
+    "profile",
+    "roles",
+    "email"
+  ],
+  "optionalClientScopes": [
+    "address",
+    "phone",
+    "offline_access",
+    "microprofile-jwt"
+  ],
+  "access": {
+    "view": true,
+    "configure": true,
+    "manage": true
+  }
+}
--- a/.gitignore
+++ b/.gitignore
@ -36,3 +36,4 @@ build/
 gradle.properties
 gradlew
 gradlew.bat
+.DS_Store
--- a/src/main/java/com/knecon/fforesight/tenantusermanagement/service/TenantManagementService.java
+++ b/src/main/java/com/knecon/fforesight/tenantusermanagement/service/TenantManagementService.java
@ -224,7 +224,7 @@ public class TenantManagementService implements TenantProvider {
                tenantRequest.getDatabaseConnection().getPassword())) {
            DataSource tenantDataSource = new SingleConnectionDataSource(connection, false);
            JdbcTemplate jdbcTemplate = new JdbcTemplate(tenantDataSource);
-            String createStatement = "CREATE SCHEMA \"" + tenantRequest.getDatabaseConnection().getSchema() + "\"";
+            String createStatement = "CREATE SCHEMA IF NOT EXISTS \"" + tenantRequest.getDatabaseConnection().getSchema() + "\"";
            String grantStatement = "GRANT USAGE ON SCHEMA \"" + tenantRequest.getDatabaseConnection().getSchema() + "\" TO \"" + tenantRequest.getDatabaseConnection()
                    .getUsername() + "\"";
            jdbcTemplate.execute(createStatement);
--- a/src/main/resources/application-dev.yaml
+++ b/src/main/resources/application-dev.yaml
@ -5,7 +5,7 @@ server:
 fforesight:
  tenant-user-management:
    server-url: http://localhost:8080
-    client-secret: WJ4CIR2t65r55caWFBg4LWhdW2kOMjeC
+    client-secret: Rf1FbW6qwXNFd8hvNLvObZvASaG2iDZs
    client-id: manager
    realm: master
    kc-role-mapping: