@longshuicy longshuicy commented Aug 28, 2023

Description

Add provider for keycloak authentication.

How to test:

1. Have a running keycloak instance (can reuse the clowder2 keycloak container)

2. Unzip, import the realm or create your own.

realm-export.json.zip

3. If you choose to create your own realm, make sure you register the redirect URL as {host}/authenticate/keycloak

4. Get the client secret

5. Overwrite the config by adding the below to custom/custom.conf

ehcacheplugin = enabled

securesocial.keycloak={
    authorizationUrl="http://localhost:8080/keycloak/realms/clowder1/protocol/openid-connect/auth"
    accessTokenUrl="http://localhost:8080/keycloak/realms/clowder1/protocol/openid-connect/token"
    userinfoUrl="http://localhost:8080/keycloak/realms/clowder1/protocol/openid-connect/userinfo"
    clientId="clowder1-backend"
    clientSecret="<client secret copied from step 3>"
    scope="profile email roles"
}

6. Create custom/play.plugins with

10005:services.KeycloakProvider

7. Test http://localhost:9000/login

Review Time Estimate

  • Immediately
  • Within one week
  • When possible

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My change requires a change to the documentation.
  • I have updated the CHANGELOG.md.
  • I have signed the CLA
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
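
An added example (not part of the PR or of Clowder's code): a small Python check for the `securesocial.keycloak` block from step 5, flagging endpoints that do not sit under one realm, plain-HTTP endpoints on non-loopback hosts, and a missing or placeholder client secret. The function names, finding strings and sample secret are assumptions made for this illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the block from step 5 of the PR description, with a
# constructed client secret standing in for the real one.
SAMPLE_CONF = '''
securesocial.keycloak={
    authorizationUrl="http://localhost:8080/keycloak/realms/clowder1/protocol/openid-connect/auth"
    accessTokenUrl="http://localhost:8080/keycloak/realms/clowder1/protocol/openid-connect/token"
    userinfoUrl="http://localhost:8080/keycloak/realms/clowder1/protocol/openid-connect/userinfo"
    clientId="clowder1-backend"
    clientSecret="constructed-secret-for-example"
    scope="profile email roles"
}
'''

# Config key -> last path segment of the matching Keycloak OIDC endpoint.
URL_KEYS = {"authorizationUrl": "auth", "accessTokenUrl": "token", "userinfoUrl": "userinfo"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_block(conf):
    """Extract key="value" pairs from the securesocial.keycloak block."""
    m = re.search(r'securesocial\.keycloak\s*=\s*\{(.*?)\}', conf, re.S)
    if not m:
        raise ValueError("no securesocial.keycloak block found")
    return dict(re.findall(r'(\w+)\s*=\s*"([^"]*)"', m.group(1)))

def check_keycloak_conf(conf):
    """Return a list of findings; an empty list means the block is consistent."""
    cfg, findings, issuers = parse_block(conf), [], set()
    for key, suffix in URL_KEYS.items():
        url = cfg.get(key)
        if not url:
            findings.append(f"{key}: missing")
            continue
        u = urlparse(url)
        tail = "/protocol/openid-connect/" + suffix
        if u.path.endswith(tail):  # everything before the tail is the realm base URL
            issuers.add(f"{u.scheme}://{u.netloc}{u.path[:-len(tail)]}")
        else:
            findings.append(f"{key}: path does not end in {tail}")
        if u.scheme != "https" and u.hostname not in LOOPBACK:
            findings.append(f"{key}: plain http to non-loopback host {u.hostname}")
    if len(issuers) > 1:
        findings.append("endpoints point at different realms: " + ", ".join(sorted(issuers)))
    secret = cfg.get("clientSecret", "")
    if not secret or secret.startswith("<"):  # unquoted values are not parsed, so count as missing
        findings.append("clientSecret: missing or still a placeholder")
    return findings
```
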

@longshuicy longshuicy linked an issue Aug 28, 2023 that may be closed by this pull request
@longshuicy longshuicy requested a review from robkooper August 28, 2023 17:02
@max-zilla max-zilla self-requested a review September 11, 2023 14:20
@max-zilla max-zilla left a comment

Ran this against keycloak container from v2, registered a new user in the realm and logging in via Clowder correctly routed me through TOS, profile looks good, everything seems to work.

@lmarini lmarini requested a review from robkooper September 11, 2023 15:38
@lmarini lmarini merged commit 5d7c19e into develop Sep 11, 2023
@lmarini lmarini deleted the 419-authenticator-against-keycloak branch September 11, 2023 19:17
Successfully merging this pull request may close these issues.

Authenticator against keycloak