# Infrastructure

Keycloak is started as a Docker container and can be started either individually via the docker-compose file keycloak.yml or via the gitsearch.yml file as a dependency. I would recommend restarting it when starting the gitsearch application.

Normally I use a command like this:

`docker-compose -f gitsearch.yml up -d --no-deps --build --force-recreate gitsearch-app keycloak postgres`

To make sure that the Keycloak container is running, you can check the logs:

`docker logs --tail 1000 --follow docker_keycloak_1`

Generally, `docker ps` should show something like this:

`7720d4891662 quay.io/keycloak/keycloak:18.0.2-legacy "/opt/jboss/tools/do…" 2 weeks ago Up 2 weeks 8443/tcp, 0.0.0.0:8082->8080/tcp, :::8082->8080/tcp docker_keycloak_1`
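
The `docker ps` check above can be scripted. The following script is an added example, not part of the gitsearch repository: it reads `docker ps` rows and reports whether the named container is up and which of its ports are published on every host interface, as the `0.0.0.0:8082->8080/tcp` entry in the sample line is. The function name, the exit codes and the two extra sample containers are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the gitsearch repository.
# Input on stdin: tab-separated rows "name<TAB>status<TAB>ports", as printed by
#   docker ps -a --format '{{.Names}}\t{{.Status}}\t{{.Ports}}'
# Exit status: 0 = up, no port published on all interfaces
#              1 = container missing or not "Up"
#              2 = up, but a port is published on 0.0.0.0 / ::
check_container() (
    want=$1
    tab=$(printf '\t')
    rc=1                                    # stays 1 until the row is found
    set -f                                  # no globbing while splitting
    while IFS="$tab" read -r name status ports; do
        [ "$name" = "$want" ] || continue
        case $status in
            Up*) rc=0 ;;
            *)   echo "DOWN $name: $status"; exit 1 ;;
        esac
        IFS=','; set -- $ports; unset IFS   # split the comma-separated list
        for entry in "$@"; do
            entry=${entry# }
            case $entry in
                0.0.0.0:*"->"*|:::*"->"*|"[::]:"*"->"*)
                    echo "ALL-INTERFACES $name: $entry"; rc=2 ;;
                *"->"*)
                    echo "BOUND $name: $entry" ;;  # published on one address
            esac                            # entries without "->" are not published
        done
    done
    [ "$rc" -ne 1 ] || echo "MISSING $want"
    exit "$rc"
)

# Constructed sample rows: the first mirrors the `docker ps` line above, the
# other two (names and values) are made up for illustration.
sample_rows() {
    printf '%s\t%s\t%s\n' \
        docker_keycloak_1 'Up 2 weeks' \
            '8443/tcp, 0.0.0.0:8082->8080/tcp, :::8082->8080/tcp' \
        example_local_1 'Up 3 days' '127.0.0.1:5432->5432/tcp' \
        example_stopped_1 'Exited (1) 2 hours ago' ''
}

# Live use: sh check_container.sh docker_keycloak_1
if [ "$#" -gt 0 ]; then
    docker ps -a --format '{{.Names}}\t{{.Status}}\t{{.Ports}}' | check_container "$1"
fi
```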
To customize the Keycloak theme, one needs to adapt .ftl files or write custom code.

The main theme which we created can be found here:

`src/main/resources/keycloak-theme/themes/gitsearch`

The thing is that this code has to be moved into the Keycloak container to be displayed by the application. Therefore, I wrote a script for it, which you can run after applying changes.

`src/main/resources/keycloak-theme/themes/deploy_theme.sh`

More information about Keycloak customization can be found here:

[Keycloak Theme Documentation](https://www.keycloak.org/docs/latest/server_development/#:~:text=Configuring%20a%20theme,-All%20theme%20types&text=Click%20Realm%20Settings%20from%20the,Admin%20Console%20refresh%20the%20page.)
## Configuration

To log in to the Keycloak server, you have to go to the following link and click on "Administration Console":

[Keycloak Development Server](https://keycloak.codeability-austria.uibk.ac.at/auth/)

Once you have reached the login, you can find the credentials in the KeePass database.

Generally, everything goes on in the "Gitsearch" realm, and the application is connected via the [myclient](https://keycloak.codeability-austria.uibk.ac.at/auth/admin/master/console/#/realms/gitsearch/clients/40088a33-bc2c-4600-a682-faa52b39c0d6) client.

An important customization is that we created some mappers to map some attributes from Keycloak to gitsearch and vice versa:



More information can be found here: [Keycloak Documentation](https://www.keycloak.org/docs/latest/server_admin/)
## Identity Providers for Keycloak

Generally, Keycloak supports multiple protocols like SAML or OAuth2. With this, it is possible to connect identity providers like Google or universities.

The settings to make it work for the University of Innsbruck using SAML can be found here:

[SAML UIBK IDP](https://keycloak.codeability-austria.uibk.ac.at/auth/admin/master/console/#/realms/gitsearch/identity-provider-settings/provider/saml/uibk)
## Sequence Diagram

