From 0369755ffcfe07e6aba2a03aba27ff41480681fb Mon Sep 17 00:00:00 2001 From: Alberto Larraz Date: Thu, 30 Dec 2021 18:02:58 +0100 Subject: [PATCH] feat(keycloak): new json with customized values in realm and launch script in dd-ctl with keycloak config --- config/dd.sh | 29 ++++++++++++++++++++++++++++- custom.sample/keycloak/realm.json | 24 ++++++++++++++++++++++++ dd-ctl | 10 +++++----- isard-sso | 2 +- 4 files changed, 58 insertions(+), 7 deletions(-) create mode 100644 custom.sample/keycloak/realm.json diff --git a/config/dd.sh b/config/dd.sh index 231cf01..27b16b3 100644 --- a/config/dd.sh +++ b/config/dd.sh @@ -1,12 +1,26 @@ #!/bin/bash source ../digitaldemocratic.conf +mv keycloak/realm.json keycloak/realm.json.old +mv keycloak/clients.json keycloak/clients.json.old +mv keycloak/client-scopes.json keycloak/client-scopes.json.old + +#/opt/jboss/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user $KEYCLOAK_USER --password $KEYCLOAK_PASSWORD &> /dev/null +#/opt/jboss/keycloak/bin/kcadm.sh get realms/master + echo "Dump realm.json" docker exec -i isard-sso-keycloak sh -c '/opt/jboss/keycloak/bin/kcadm.sh \ config credentials --server http://localhost:8080/auth \ --realm master --user $KEYCLOAK_USER --password $KEYCLOAK_PASSWORD &> /dev/null && \ /opt/jboss/keycloak/bin/kcadm.sh \ get realms/master' > keycloak/realm.json + +echo "Dump client-scopes.json" +docker exec -i isard-sso-keycloak sh -c '/opt/jboss/keycloak/bin/kcadm.sh \ + config credentials --server http://localhost:8080/auth \ + --realm master --user $KEYCLOAK_USER --password $KEYCLOAK_PASSWORD &> /dev/null && \ + /opt/jboss/keycloak/bin/kcadm.sh \ + get client-scopes' > keycloak/client-scopes.json echo "Dump clients.json" docker exec -i isard-sso-keycloak sh -c '/opt/jboss/keycloak/bin/kcadm.sh \ 
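Review bot: In config/dd.sh, the new client-scopes dump passes `--password $KEYCLOAK_PASSWORD` unquoted on the kcadm.sh command line, so a password containing spaces or glob characters is split by the container's shell, and the value is visible in the container's process list while the command runs. The same line relies on `&>`, which redirects both streams only when the container's `sh` is bash; a POSIX sh would parse it as a background `&`, and the `get` could then run before the login has finished. I would write the line as `--realm master --user "$KEYCLOAK_USER" --password "$KEYCLOAK_PASSWORD" > /dev/null 2>&1 && \`, and apply the same change to the realm.json block above and to the clients.json block, which continues past this hunk. The three `mv` lines run unconditionally and the dumps are never checked, so a failed `docker exec` leaves an empty JSON file after the previous `.old` copy has already been overwritten.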
@@ -19,7 +33,20 @@ kcadm.sh create realms -f - << EOF { "realm": "demorealm", "enabled": true } EOF +echo "" +echo "## diff realm.json \n" +diff keycloak/realm.json keycloak/realm.json.old + +echo "" +echo "## diff clients.json \n" +diff keycloak/clients.json keycloak/clients.json.old + +echo "" +echo "## diff client-scopes.json \n" +diff keycloak/client-scopes.json keycloak/client-scopes.json.old + + ### NEW -./kcadm.sh update realms/master -f realm.json \ No newline at end of file +#./kcadm.sh update realms/master -f realm.json diff --git a/custom.sample/keycloak/realm.json b/custom.sample/keycloak/realm.json new file mode 100644 index 0000000..ed31a19 --- /dev/null +++ b/custom.sample/keycloak/realm.json @@ -0,0 +1,24 @@ +{ + "loginTheme": "liiibrelite", + "accountTheme": "account-avatar", + "internationalizationEnabled": true, + "supportedLocales": [ + "en", + "fr", + "ca", + "es" + ], + "defaultLocale": "ca", + "attributes": { + "cibaBackchannelTokenDeliveryMode": "poll", + "cibaExpiresIn": "120", + "cibaAuthRequestedUserHint": "login_hint", + "oauth2DeviceCodeLifespan": "600", + "oauth2DevicePollingInterval": "600", + "clientOfflineSessionMaxLifespan": "0", + "clientSessionIdleTimeout": "0", + "clientSessionMaxLifespan": "0", + "clientOfflineSessionIdleTimeout": "0", + "cibaInterval": "5" + } +} diff --git a/dd-ctl b/dd-ctl index 6c8d306..ccbd18a 100755 --- a/dd-ctl +++ b/dd-ctl @@ -218,11 +218,9 @@ setup_wordpress(){ } setup_keycloak(){ - # Add dd admin user (NOT USED, done in isard-sso-admin) - # docker exec isard-sso-keycloak /opt/jboss/keycloak/bin/add-user-keycloak.sh -u $DDADMIN_USER -p $DDADMIN_PASSWORD - # docker restart isard-sso-keycloak - sleep 10 -} + # configure keycloack: realm and client_scopes + echo " --> Setting up SAML for moodle" + docker exec -ti isard-sso-admin sh -c "export PYTHONWARNINGS='ignore:Unverified HTTPS request' && cd /admin/saml_scripts/ && python3 keycloak_config.py" saml_certificates(){ 
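Review bot: In the second config/dd.sh hunk, the three `diff` calls pass the fresh dump first and the `.old` copy second, so lines marked `<` are the new state and the output reads as the reverse of the change. `diff keycloak/realm.json.old keycloak/realm.json` (and likewise for the other two files) gives the usual old-to-new direction. Under `#!/bin/bash`, `echo "## diff realm.json \n"` prints a literal `\n`; `printf '## diff realm.json\n\n'` produces the intended blank line. The clients.json diff may print client secrets to the terminal or a CI log if the `get clients` export includes them, so this output is better kept out of shared logs.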
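Review bot: In custom.sample/keycloak/realm.json, `"oauth2DevicePollingInterval": "600"` equals `"oauth2DeviceCodeLifespan": "600"`, so a device-flow client told to wait 600 seconds between polls would make its first poll only as the code expires. Keycloak's default polling interval is 5 seconds as far as I know, so this looks like the lifespan value copied by mistake; `"oauth2DevicePollingInterval": "5"` would match the default. The four session attributes set to `"0"` presumably mean "inherit the realm-level setting". Since JSON cannot carry comments, a short README next to the sample saying which values are deliberate customizations would help whoever copies it.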
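Review bot: In dd-ctl, the rewritten `setup_keycloak` loses its closing brace: the hunk removes `-}` together with `sleep 10` and adds no `}` after the new `docker exec` line. As far as the visible lines show, `saml_certificates(){` then nests inside `setup_keycloak` and bash would stop with an unexpected end of file; add `}` on its own line after the `docker exec` call. `docker exec -ti` also needs a TTY, so the step fails when dd-ctl runs from cron or CI; dropping `-t` and checking the exit status (`docker exec -i isard-sso-admin sh -c "…" || return 1`) makes a failed configuration visible. `PYTHONWARNINGS='ignore:Unverified HTTPS request'` suggests keycloak_config.py talks to Keycloak with certificate verification disabled, which would carry admin credentials over a TLS channel whose peer is not authenticated; that script is not shown here, so this needs confirming. The echo text "Setting up SAML for moodle" does not match the comment above it, and the body of `saml_certificates` continues outside the hunk.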
@@ -412,6 +410,7 @@ fi if [ "$OPERATION" = "saml" ]; then up wait_for_moodle + setup_keycloak saml_certificates fi @@ -427,6 +426,7 @@ if [ "$OPERATION" = "all" ]; then setup_wordpress setup_moodle + setup_keycloak saml_certificates echo "\n\n" diff --git a/isard-sso b/isard-sso index 6209d74..7c271ab 160000 --- a/isard-sso +++ b/isard-sso @@ -1 +1 @@ -Subproject commit 6209d745143f720230a74dc100784591669731ee +Subproject commit 7c271ab59801529be70dcf1dff4fbc3822f326aa