Tips for Keycloak - reanahub/reana GitHub Wiki
Test Keycloak integration locally
- Install the Keycloak Helm Chart, making sure that all the PVs/PVCs from previous installs were deleted:

  ```bash
  helm install reana-keycloak oci://registry-1.docker.io/bitnamicharts/keycloak \
    --set service.type=NodePort \
    --set service.nodePorts.http=31234 \
    --set auth.adminPassword=mysecretpassword
  ```

- Get the IP of kind's node:

  ```bash
  kubectl get nodes --namespace default -o jsonpath="{.items[0].status.addresses[0].address}"
  ```

  We will refer to this IP address with `NODE_IP` in the rest of the steps.

- Connect to the Keycloak admin dashboard by visiting `http://NODE_IP:31234` and logging in with:
  - username: `user`
  - password: `mysecretpassword`

- Create a new realm named `reana`

- Create a new OpenID Connect client with:
  - Client ID: `reana`
  - Client authentication: On
  - Root URL: `https://localhost:30443`
  - Valid redirect URIs: `https://localhost:30443/api/oauth/authorized/keycloak/`

- Create a new user, for example:
  - Username: `user`
  - Email: `[email protected]`
  - Email verified: Yes
  - First name: `user`
  - Last name: `user`

- From the Credentials tab, set a password for the user with Temporary set to off

- Copy the Client secret and configure REANA to integrate with Keycloak in `values-dev.yaml`:

  ```yaml
  login:
    - name: "yourprovider"
      type: "keycloak"
      config:
        title: "YOUR PROVIDER"
        base_url: "http://NODE_IP:31234"
        realm_url: "http://NODE_IP:31234/realms/reana"
        auth_url: "http://NODE_IP:31234/realms/reana/protocol/openid-connect/auth"
        token_url: "http://NODE_IP:31234/realms/reana/protocol/openid-connect/token"
        userinfo_url: "http://NODE_IP:31234/realms/reana/protocol/openid-connect/userinfo"
  secrets:
    login:
      yourprovider:
        consumer_key: reana
        consumer_secret: <your-client-secret>
  components:
    reana_server:
      environment:
        REANA_USER_EMAIL_CONFIRMATION: false
  ```

- Deploy REANA as usual:

  ```bash
  reana-dev cluster-deploy --admin-email [email protected] --admin-password mysecretpassword
  ```
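
The URLs written into `values-dev.yaml` can be checked against what Keycloak itself advertises for the realm in its OpenID Connect discovery document (`/.well-known/openid-configuration` under the realm URL). The script below is an added example, not part of the REANA wiki or code base: it compares the `config` block with that document and flags placeholders left in place. The helper names, the address `172.18.0.2` standing in for `NODE_IP`, and the trimmed discovery document are constructed for illustration.

```python
import json
import urllib.request

# Provider config keys in values-dev.yaml -> OIDC discovery document fields
FIELD_MAP = {"realm_url": "issuer", "auth_url": "authorization_endpoint",
             "token_url": "token_endpoint", "userinfo_url": "userinfo_endpoint"}
PLACEHOLDERS = ("NODE_IP", "<your-client-secret>")


def fetch_discovery(realm_url):
    """Download the realm's discovery document (needs a running Keycloak)."""
    url = realm_url.rstrip("/") + "/.well-known/openid-configuration"
    with urllib.request.urlopen(url, timeout=5) as resp:
        return json.load(resp)


def check_provider(config, secrets, discovery):
    """Return a list of problems; an empty list means the values agree."""
    problems = []
    for key, field in FIELD_MAP.items():
        ours, theirs = config.get(key), discovery.get(field)
        if ours is None:
            problems.append(f"{key} is missing")
        elif ours.rstrip("/") != (theirs or "").rstrip("/"):
            problems.append(f"{key}={ours!r} but Keycloak reports {field}={theirs!r}")
    for name, value in {**config, **secrets}.items():
        for marker in PLACEHOLDERS:
            if marker in str(value):
                problems.append(f"{name} still contains placeholder {marker}")
    return problems


# Constructed sample: 172.18.0.2 stands in for NODE_IP; the discovery
# document is trimmed to the fields compared above.
BASE = "http://172.18.0.2:31234/realms/reana"
OIDC = BASE + "/protocol/openid-connect"
SAMPLE_DISCOVERY = {"issuer": BASE, "authorization_endpoint": OIDC + "/auth",
                    "token_endpoint": OIDC + "/token",
                    "userinfo_endpoint": OIDC + "/userinfo"}
SAMPLE_CONFIG = {"base_url": "http://172.18.0.2:31234", "realm_url": BASE,
                 "auth_url": OIDC + "/auth", "token_url": OIDC + "/token",
                 "userinfo_url": OIDC + "/userinfo"}
SAMPLE_SECRETS = {"consumer_key": "reana", "consumer_secret": "<your-client-secret>"}

if __name__ == "__main__":
    # Against the local cluster, use fetch_discovery(SAMPLE_CONFIG["realm_url"]) instead.
    for problem in check_provider(SAMPLE_CONFIG, SAMPLE_SECRETS, SAMPLE_DISCOVERY):
        print("PROBLEM:", problem)
```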