feat(keycloak): new json with customized values in realm and launch script in dd-ctl with keycloak config

config/dd.sh

@@ -1,6 +1,13 @@
 #!/bin/bash
 source ../digitaldemocratic.conf
 
+mv keycloak/realm.json keycloak/realm.json.old
+mv keycloak/clients.json keycloak/clients.json.old
+mv keycloak/client-scopes.json keycloak/client-scopes.json.old
+
+#/opt/jboss/keycloak/bin/kcadm.sh config credentials --server http://localhost:8080/auth --realm master --user $KEYCLOAK_USER --password $KEYCLOAK_PASSWORD &> /dev/null
+#/opt/jboss/keycloak/bin/kcadm.sh get realms/master
+
 echo "Dump realm.json"
 docker exec -i isard-sso-keycloak sh -c '/opt/jboss/keycloak/bin/kcadm.sh \
     config credentials --server http://localhost:8080/auth \
@@ -8,6 +15,13 @@ docker exec -i isard-sso-keycloak sh -c '/opt/jboss/keycloak/bin/kcadm.sh \
     /opt/jboss/keycloak/bin/kcadm.sh \
     get realms/master' > keycloak/realm.json
     
+echo "Dump client-scopes.json"
+docker exec -i isard-sso-keycloak sh -c '/opt/jboss/keycloak/bin/kcadm.sh \
+    config credentials --server http://localhost:8080/auth \
+    --realm master --user $KEYCLOAK_USER --password $KEYCLOAK_PASSWORD &> /dev/null && \
+    /opt/jboss/keycloak/bin/kcadm.sh \
+    get client-scopes' > keycloak/client-scopes.json
+
 echo "Dump clients.json"
 docker exec -i isard-sso-keycloak sh -c '/opt/jboss/keycloak/bin/kcadm.sh \
     config credentials --server http://localhost:8080/auth \
@@ -19,7 +33,20 @@ kcadm.sh create realms -f - << EOF
 { "realm": "demorealm", "enabled": true }
 EOF
 
+echo ""
+echo "## diff realm.json \n"
+diff keycloak/realm.json keycloak/realm.json.old
+
+echo ""
+echo "## diff clients.json \n"
+diff keycloak/clients.json keycloak/clients.json.old
+
+echo ""
+echo "## diff client-scopes.json \n"
+diff keycloak/client-scopes.json keycloak/client-scopes.json.old
+
+
 
 ### NEW
 
-./kcadm.sh update realms/master -f realm.json
+#./kcadm.sh update realms/master -f realm.json

custom.sample/keycloak/realm.json

@@ -0,0 +1,24 @@
+{
+    "loginTheme": "liiibrelite",
+    "accountTheme": "account-avatar",
+    "internationalizationEnabled": true,
+    "supportedLocales": [
+        "en",
+        "fr",
+        "ca",
+        "es"
+    ],
+    "defaultLocale": "ca",
+    "attributes": {
+        "cibaBackchannelTokenDeliveryMode": "poll",
+        "cibaExpiresIn": "120",
+        "cibaAuthRequestedUserHint": "login_hint",
+        "oauth2DeviceCodeLifespan": "600",
+        "oauth2DevicePollingInterval": "600",
+        "clientOfflineSessionMaxLifespan": "0",
+        "clientSessionIdleTimeout": "0",
+        "clientSessionMaxLifespan": "0",
+        "clientOfflineSessionIdleTimeout": "0",
+        "cibaInterval": "5"
+    }
+}

dd-ctl

@@ -218,11 +218,9 @@ setup_wordpress(){
 }
 
 setup_keycloak(){
-	# Add dd admin user (NOT USED, done in isard-sso-admin)
-	# docker exec isard-sso-keycloak /opt/jboss/keycloak/bin/add-user-keycloak.sh -u $DDADMIN_USER -p $DDADMIN_PASSWORD
-	# docker restart isard-sso-keycloak
-	sleep 10
-}
+	# configure keycloack: realm and client_scopes
+	echo " --> Setting up SAML for moodle"
+	docker exec -ti isard-sso-admin sh -c "export PYTHONWARNINGS='ignore:Unverified HTTPS request' && cd /admin/saml_scripts/ && python3 keycloak_config.py"
 
 
 saml_certificates(){
@@ -412,6 +410,7 @@ fi
 if [ "$OPERATION" = "saml" ]; then
 	up
 	wait_for_moodle
+	setup_keycloak
 	saml_certificates
 fi
 
@@ -427,6 +426,7 @@ if [ "$OPERATION" = "all" ]; then
 	setup_wordpress
 	setup_moodle
 
+	setup_keycloak
 	saml_certificates
 
 	echo "\n\n"

isard-sso

@@ -1 +1 @@
-Subproject commit 6209d745143f720230a74dc100784591669731ee
+Subproject commit 7c271ab59801529be70dcf1dff4fbc3822f326aa