
Tips for Keycloak

mdonadoni edited this page Oct 10, 2023 · 1 revision

Contents

  1. Test Keycloak integration locally

Test Keycloak integration locally

  1. Install the Keycloak Helm Chart, making sure that all the PVs/PVCs from previous installs were deleted:

    helm install reana-keycloak oci://registry-1.docker.io/bitnamicharts/keycloak \
        --set service.type=NodePort \
        --set service.nodePorts.http=31234 \
        --set auth.adminPassword=mysecretpassword
    
  2. Get the IP of kind's node:

    kubectl get nodes --namespace default -o jsonpath="{.items[0].status.addresses[0].address}"
    

    We will refer to this IP address as NODE_IP in the rest of the steps.

  3. Connect to the Keycloak admin dashboard by visiting http://NODE_IP:31234 and logging in with:

    • username: user
    • password: mysecretpassword
  4. Create a new realm named reana

  5. Create a new OpenID Connect client with:

    • Client ID: reana
    • Client authentication: On
    • Root URL: https://localhost:30443
    • Valid redirect URIs: https://localhost:30443/api/oauth/authorized/keycloak/
  6. Create a new user, for example:

    • Username: user
    • Email: user@example.org
    • Email verified: Yes
    • First name: user
    • Last name: user
  7. From the Credentials tab, set a password for the user with Temporary set to off

  8. Copy the Client secret and configure REANA to integrate with Keycloak in values-dev.yaml:

    login:
      - name: "yourprovider"
        type: "keycloak"
        config:
          title: "YOUR PROVIDER"
          base_url: "http://NODE_IP:31234"
          realm_url: "http://NODE_IP:31234/realms/reana"
          auth_url: "http://NODE_IP:31234/realms/reana/protocol/openid-connect/auth"
          token_url: "http://NODE_IP:31234/realms/reana/protocol/openid-connect/token"
          userinfo_url: "http://NODE_IP:31234/realms/reana/protocol/openid-connect/userinfo"
    
    secrets:
      login:
        yourprovider:
          consumer_key: reana
          consumer_secret: <your-client-secret>
    
    components:
      reana_server:
        environment:
          REANA_USER_EMAIL_CONFIRMATION: false
  9. Deploy REANA as usual:

    reana-dev cluster-deploy --admin-email john.doe@example.org --admin-password mysecretpassword
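
Before deploying, it is worth checking that the URLs written into values-dev.yaml in step 8 are the ones the reana realm actually advertises in its OpenID Connect discovery document. The script below is an added example, not part of the original page or of REANA; the function names `json_field` and `check_realm_urls` are hypothetical, and the sample document is constructed assuming NODE_IP is 172.18.0.2.

```shell
#!/bin/sh
# Added example: compare the endpoints configured in values-dev.yaml with the
# ones Keycloak advertises in the realm's OIDC discovery document.
# Against the live instance from the steps above, fetch the document with:
#   DISCOVERY=$(curl -fsS "http://$NODE_IP:31234/realms/reana/.well-known/openid-configuration")

# Constructed sample (NODE_IP assumed to be 172.18.0.2), trimmed to four keys.
SAMPLE_DISCOVERY='{
  "issuer": "http://172.18.0.2:31234/realms/reana",
  "authorization_endpoint": "http://172.18.0.2:31234/realms/reana/protocol/openid-connect/auth",
  "token_endpoint": "http://172.18.0.2:31234/realms/reana/protocol/openid-connect/token",
  "userinfo_endpoint": "http://172.18.0.2:31234/realms/reana/protocol/openid-connect/userinfo"
}'

# json_field JSON KEY: print the string value of a top-level KEY.
# sed-based extraction, sufficient for this flat document; use jq if available.
json_field() {
  printf '%s' "$1" | tr -d '\n' |
    sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# check_realm_urls REALM_URL JSON: succeed only if every advertised endpoint
# equals the value the values-dev.yaml snippet derives from REALM_URL.
check_realm_urls() {
  cru_realm=$1 cru_doc=$2 cru_bad=0
  for cru_pair in \
    "issuer=" \
    "authorization_endpoint=/protocol/openid-connect/auth" \
    "token_endpoint=/protocol/openid-connect/token" \
    "userinfo_endpoint=/protocol/openid-connect/userinfo"
  do
    cru_key=${cru_pair%%=*}
    cru_want=$cru_realm${cru_pair#*=}
    cru_got=$(json_field "$cru_doc" "$cru_key")
    if [ "$cru_got" != "$cru_want" ]; then
      echo "MISMATCH $cru_key: configured '$cru_want', advertised '$cru_got'" >&2
      cru_bad=1
    fi
  done
  return "$cru_bad"
}

check_realm_urls "http://172.18.0.2:31234/realms/reana" "$SAMPLE_DISCOVERY" &&
  echo "values-dev.yaml endpoints match the realm's discovery document"
```

A mismatch here usually means realm_url was written with a different host or port than the one Keycloak is reached on, so fix values-dev.yaml before running the deploy.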