Skip to content

Tips for Keycloak

Jump to bottom
mdonadoni edited this page Oct 10, 2023 · 1 revision

Contents

  1. Test Keycloak integration locally

Test Keycloak integration locally

  1. Install the Keycloak Helm Chart, making sure that all the PVs/PVCs from previous installs were deleted:

    helm install reana-keycloak oci://registry-1.docker.io/bitnamicharts/keycloak \
    --set service.type=NodePort \
    --set service.nodePorts.http=31234 \
    --set auth.adminPassword=mysecretpassword

  2. Get the IP of kind's node:

    kubectl get nodes --namespace default -o jsonpath="{.items[0].status.addresses[0].address}"

    We will refer to this IP address with NODE_IP in the rest of the steps.

  3. Connect to the Keycloak admin dashboard by visiting http://NODE_IP:31234 and logging in with:

    • username: user
    • password: mysecretpassword

  4. Create a new realm named reana

  5. Create a new OpenID connect client with:

    • Client ID: reana
    • Client authentication: On
    • Root URL: https://localhost:30443
    • Valid redirect URIs: https://localhost:30443/api/oauth/authorized/keycloak/

  6. Create a new user, for example

    • Username: user
    • Email: [email protected]
    • Email verified: Yes
    • First name: user
    • Last name: user

  7. From the Credentials tab, set a password for the user with Temporary set to off

  8. Copy the Client secret and configure REANA to integrate with Keycloak in values-dev.yaml:

    login:
  - name: "yourprovider"
    type: "keycloak"
    config:
      title: "YOUR PROVIDER"
      base_url: "http://NODE_IP:31234"
      realm_url: "http://NODE_IP:31234/realms/reana"
      auth_url: "http://NODE_IP:31234/realms/reana/protocol/openid-connect/auth"
      token_url: "http://NODE_IP:31234/realms/reana/protocol/openid-connect/token"
      userinfo_url: "http://NODE_IP:31234/realms/reana/protocol/openid-connect/userinfo"

secrets:
  login:
    yourprovider:
      consumer_key: reana
      consumer_secret: <your-client-secret>

components:
  reana_server:
    environment:
      REANA_USER_EMAIL_CONFIRMATION: false

  9. Deploy REANA as usual:

    reana-dev cluster-deploy --admin-email [email protected] --admin-password mysecretpassword

REANA reproducible analysis platform
blog.reana.io | docs.reana.io | forum.reana.io | www.reana.io | @gitter | @mattermost | @twitter

Introduction

Getting started

Issue lifecycle

Understanding code base

Technology tips and tricks

Clone this wiki locally