* feat!(openid): introducing support for openid configuration
  BREAKING CHANGE: provider configuration changed from auth.authentication.provider to auth.authentication.jwt.enabled
* add upgrading to 4.1.0
* add validation for deprecated values
* add openid CI with keycloak
* fix chart-testing lint new-line-at-end-of-file
* fix keycloak dependency repository
* fix keycloak repository
* fix yaml to json convert error
* disable keycloak to validate github actions before re-enable it
* disable openid test scenario
* disable keycloak in values
* enable keycloak without authentication and authorization
* add openid test scenario
* disable test scenario other than openid
* enable all test scenario
* disable functions component
* create openid resources
* test truncate command
* test truncate command
* change client_secret generator
* change client_secret generator
* test python
* fix script
* fix script
* print python result
* test python
* test python
* fix client_secret generation
* fix create openid resources
* fix secret name
* fix mount keycloak config
* fix keycloak service
* exclude keycloak from chart
* add license
* add license
* wait keycloak is alive
* fix keycloak chart install namespace
* add test pulsar real openid config
* fix keycloak issuer url
* fix pod name
* remove check keycloak alive
* check realm pulsar openid configuration
* change keycloak service
* remove test keycloak service
* remove selector to get all pod log
* wait keycloak is alive
* check keycloak realm pulsar urls
* wait until keycloak is ready
* add wait timeout
* fix realm pulsar name
* add log to debug
* add openid for toolset
* set authorization
* set authorization
* fix client template filename
* fix install keycloak
* disable authorization
* debug sub claim value
* fix sub claim value
* cleanup
* enable all build

---------

Co-authored-by: glecroc <guillaume.lecroc@cnp.fr>
# Keycloak

Keycloak is used to validate OIDC configuration.

To create the pulsar realm configuration, we use:

* `0-realm-pulsar-partial-export.json`: after creating the pulsar realm in the Keycloak UI, this file is the result of the partial export in the Keycloak UI without options.
* `1-client-template.json`: this is the template to create pulsar clients.

To create the final `realm-pulsar.json`, merge the files with the `jq` command:

* create a client with `CLIENT_ID`, `CLIENT_SECRET` and `SUB_CLAIM_VALUE`:

```
CLIENT_ID=xx
CLIENT_SECRET=yy
SUB_CLAIM_VALUE=zz

# -n: no input document; -f: read the jq program from the template file
# (without -f, jq would treat the file name itself as the filter)
jq -n --arg CLIENT_ID "$CLIENT_ID" --arg CLIENT_SECRET "$CLIENT_SECRET" --arg SUB_CLAIM_VALUE "$SUB_CLAIM_VALUE" -f 1-client-template.json > client.json
```

* then merge the realm and the client:

```
# input reads the next file (client.json) and appends it to the realm's clients array
jq '.clients += [input]' 0-realm-pulsar-partial-export.json client.json > realm-pulsar.json
```
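
The two steps above, run end to end with a generated secret and a check of the merged result. This is an added example, not the chart's own script: `build_realm` is a hypothetical helper, and the template and realm export it writes are constructed stand-ins for the real files. The template is passed with `-f` because it is a jq program that references the `--arg` variables.

```shell
# Added example; the template and realm export written here are constructed
# stand-ins, not the chart's real files. build_realm is a hypothetical helper.
# Usage: build_realm WORKDIR CLIENT_ID SUB_CLAIM_VALUE  (prints the merged file path)
build_realm() (
  dir=$1; client_id=$2; sub=$3
  umask 077   # client.json and realm-pulsar.json will contain the secret

  # Stand-in for 1-client-template.json. It is a jq program, not plain JSON:
  # the $NAME references are filled in from the --arg values.
  cat > "$dir/1-client-template.json" <<'EOF'
{
  "clientId": $CLIENT_ID,
  "secret": $CLIENT_SECRET,
  "serviceAccountsEnabled": true,
  "protocolMappers": [
    { "name": "sub", "protocol": "openid-connect",
      "protocolMapper": "oidc-hardcoded-claim-mapper",
      "config": { "claim.name": "sub", "claim.value": $SUB_CLAIM_VALUE } }
  ]
}
EOF
  # Stand-in for 0-realm-pulsar-partial-export.json.
  echo '{"realm":"pulsar","enabled":true,"clients":[]}' \
    > "$dir/0-realm-pulsar-partial-export.json"

  # Random 32-hex-character secret from the kernel CSPRNG, not a fixed value.
  secret=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')

  # --arg passes each value as a JSON string, so quotes in it cannot break out.
  jq -n --arg CLIENT_ID "$client_id" --arg CLIENT_SECRET "$secret" \
     --arg SUB_CLAIM_VALUE "$sub" -f "$dir/1-client-template.json" \
     > "$dir/client.json" || exit 1
  jq '.clients += [input]' "$dir/0-realm-pulsar-partial-export.json" \
     "$dir/client.json" > "$dir/realm-pulsar.json" || exit 1

  # Reject a result with duplicate clientIds or a client without a secret.
  jq -e '(.clients | map(.clientId) | length == (unique | length))
         and all(.clients[]; (.secret // "") != "")' \
     "$dir/realm-pulsar.json" > /dev/null || exit 1
  echo "$dir/realm-pulsar.json"
)
```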